This security bulletin contains one low risk vulnerability.
CWE-787 - Out-of-bounds Write
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the ATI VGA device implementation of the QEMU emulator, inside the ati_2d_blt() routine, while handling MMIO write operations through the ati_mm_write() callback. A local privileged user on a guest operating system can run a specially crafted program to trigger an out-of-bounds write and crash the QEMU process.
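The class of check that guards a 2D blit against this kind of boundary error, as an added example that is not QEMU's code or its patch: the destination rectangle is validated against the VRAM size before any write. The `blt_req` struct, its field names and `blt_dst_in_bounds()` are hypothetical, and the values in `main()` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical blit request: every field comes from guest-written registers. */
struct blt_req {
    uint32_t dst_offset;    /* byte offset of the surface inside VRAM */
    uint32_t pitch;         /* bytes per scanline */
    uint32_t bytes_pp;      /* bytes per pixel, 1..4 */
    uint32_t x, y;          /* top-left corner, in pixels */
    uint32_t width, height; /* rectangle size, in pixels */
};

/* True only if every byte the blit would write lies inside [0, vram_size).
 * All products are widened to 64 bits so 32-bit guest values cannot wrap. */
bool blt_dst_in_bounds(const struct blt_req *r, uint32_t vram_size)
{
    if (r->width == 0 || r->height == 0)
        return false;                     /* design choice: reject empty blits */
    if (r->bytes_pp < 1 || r->bytes_pp > 4)
        return false;

    uint64_t row_start = (uint64_t)r->x * r->bytes_pp;
    uint64_t row_bytes = (uint64_t)r->width * r->bytes_pp;
    if (row_start + row_bytes > r->pitch)
        return false;                     /* also rejects pitch == 0 */

    uint64_t last_row = (uint64_t)r->y + r->height - 1;
    if (last_row > vram_size / r->pitch)
        return false;                     /* keeps last_row * pitch <= vram_size */

    uint64_t end = r->dst_offset + last_row * r->pitch + row_start + row_bytes;
    return end <= vram_size;
}

int main(void)
{
    const uint32_t vram = 16u * 1024 * 1024;   /* constructed: 16 MiB of VRAM */
    struct blt_req ok  = { 0, 4096, 4, 0, 0, 1024, 768 };
    /* y + height wraps to 1 in 32-bit arithmetic; the 64-bit sum does not. */
    struct blt_req bad = { 0, 4096, 4, 0, 0xFFFFFFFFu, 1024, 2 };

    printf("in-range blit accepted: %d\n", blt_dst_in_bounds(&ok, vram));
    printf("wrapping blit accepted: %d\n", blt_dst_in_bounds(&bad, vram));
    return 0;
}
```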
Install updates from the vendor's website.
Vulnerable software versions
QEMU: 4.0.0 - 4.2.1
Can this vulnerability be exploited remotely?
How can the attacker exploit this vulnerability?
Is there known malware that exploits this vulnerability?