CVE-2016-9921

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9921
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9921.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-9921
Downstream
Related
Published
2016-12-23T22:59:00.550Z
Modified
2026-04-11T12:00:22.710945Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.

Database specific 
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "11"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/qemu/qemu

Affected ranges

Type
GIT
Repo
https://github.com/qemu/qemu
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0d83fccb4fb3140d21feeb37ba069ba71029aaa7
Last affected
b0bcc86d2a87456f5a276f941dc775b265b309cf
Last affected
00227fefd2059464cd2f59aed29944874c630e2f
Last affected
1cd56fd2e14f67ead2f0458b4ae052f19865c41c
Last affected
c1eb2ddf0f8075faddc5f7c3d39feae3e8e9d6b4
Last affected
609d7596524ab204ccd71ef42c9eee4c7c338ea4
Last affected
823a3f11fb8f04c3c3cc0f95f968fef1bfc6534f
Last affected
131b9a05705636086699df15d4a6d328bb2585e8
Database specific 
{
    "cpe": [
        "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*",
        "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*",
        "cpe:2.3:a:qemu:qemu:2.8.0:rc2:*:*:*:*:*:*",
        "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "last_affected": "2.8.0-rc0"
        },
        {
            "last_affected": "2.8.0-rc1"
        },
        {
            "last_affected": "2.8.0-rc2"
        },
        {
            "last_affected": "8.0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "last_affected": "4.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.11.0-rc0
v0.12.0-rc0
v0.13.0-rc0
v0.14.0-rc0
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v1.*
v1.0
v1.0-rc0
v1.0-rc1
v1.0-rc2
v1.0-rc3
v1.0-rc4
v1.1-rc0
v1.1-rc1
v1.1-rc2
v1.1.0
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.2.0-rc3
v1.3.0
v1.3.0-rc0
v1.3.0-rc1
v1.3.0-rc2
v1.4.0
v1.4.0-rc0
v1.4.0-rc1
v1.4.0-rc2
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.7.0-rc2
v2.*
v2.0.0
v2.0.0-rc0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.1.0
v2.1.0-rc0
v2.1.0-rc1
v2.1.0-rc2
v2.1.0-rc3
v2.1.0-rc4
v2.1.0-rc5
v2.10.0
v2.10.0-rc0
v2.10.0-rc1
v2.10.0-rc2
v2.10.0-rc3
v2.10.0-rc4
v2.11.0
v2.11.0-rc0
v2.11.0-rc1
v2.11.0-rc2
v2.11.0-rc3
v2.11.0-rc4
v2.11.0-rc5
v2.12.0
v2.12.0-rc0
v2.12.0-rc1
v2.12.0-rc2
v2.12.0-rc3
v2.12.0-rc4
v2.2.0
v2.2.0-rc0
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v2.2.0-rc4
v2.2.0-rc5
v2.3.0
v2.3.0-rc0
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc3
v2.3.0-rc4
v2.4.0
v2.4.0-rc0
v2.4.0-rc1
v2.4.0-rc2
v2.4.0-rc3
v2.4.0-rc4
v2.5.0
v2.5.0-rc0
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.6.0
v2.6.0-rc0
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v2.6.0-rc4
v2.6.0-rc5
v2.7.0
v2.7.0-rc0
v2.7.0-rc1
v2.7.0-rc2
v2.7.0-rc3
v2.7.0-rc4
v2.7.0-rc5
v2.7.1
v2.8.0
v2.8.0-rc0
v2.8.0-rc1
v2.8.0-rc2
v2.8.0-rc3
v2.8.0-rc4
v2.9.0
v2.9.0-rc0
v2.9.0-rc1
v2.9.0-rc2
v2.9.0-rc3
v2.9.0-rc4
v2.9.0-rc5
v3.*
v3.0.0
v3.0.0-rc0
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.1.0-rc0
v3.1.0-rc1
v3.1.0-rc2
v3.1.0-rc3
v3.1.0-rc4
v3.1.0-rc5
v4.*
v4.0.0
v4.0.0-rc0
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.0-rc4
v4.1.0
v4.1.0-rc0
v4.1.0-rc1
v4.1.0-rc2
v4.1.0-rc3
v4.1.0-rc4
v4.1.0-rc5
v4.2.0
v4.2.0-rc0
v4.2.0-rc1
v4.2.0-rc2
v4.2.0-rc3
v4.2.0-rc4
v4.2.0-rc5
v5.*
v5.0.0
v5.0.0-rc0
v5.0.0-rc1
v5.0.0-rc2
v5.0.0-rc3
v5.0.0-rc4
v5.1.0
v5.1.0-rc0
v5.1.0-rc1
v5.1.0-rc2
v5.1.0-rc3
v5.2.0
v5.2.0-rc0
v5.2.0-rc1
v5.2.0-rc2
v5.2.0-rc3
v5.2.0-rc4
v6.*
v6.0.0
v6.0.0-rc0
v6.0.0-rc1
v6.0.0-rc2
v6.0.0-rc3
v6.0.0-rc4
v6.0.0-rc5
v6.1.0
v6.1.0-rc0
v6.1.0-rc1
v6.1.0-rc2
v6.1.0-rc3
v6.1.0-rc4
v6.2.0
v6.2.0-rc0
v6.2.0-rc1
v6.2.0-rc3
v6.2.0-rc4
v7.*
v7.0.0
v7.0.0-rc0
v7.0.0-rc1
v7.0.0-rc2
v7.0.0-rc3
v7.0.0-rc4
v7.1.0
v7.1.0-rc0
v7.1.0-rc1
v7.1.0-rc2
v7.1.0-rc3
v7.1.0-rc4
v7.2.0
v7.2.0-rc0
v7.2.0-rc1
v7.2.0-rc2
v7.2.0-rc3
v7.2.0-rc4
v8.*
v8.0.0
v8.0.0-rc0
v8.0.0-rc1
v8.0.0-rc2
v8.0.0-rc3
v8.0.0-rc4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9921.json"