7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
39.6%
Prasad J Pandit, Red Hat Product Security Team, reports:
Qemu emulator built with the VNC display driver support is
vulnerable to a buffer overflow flaw leading to a heap memory
corruption issue. It could occur while refreshing the server
display surface via routine vnc_refresh_server_surface().
A privileged guest user could use this flaw to corrupt the heap
memory and crash the Qemu process instance OR potentially use it
to execute arbitrary code on the host.