These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2016-10029 is a QEMU Virtio GPU bug where a guest can send a VIRTIO_GPU_CMD_SET_SCANOUT command with a scanout id greater than num_scanouts. NVD describes the result as an out-of-bounds read that can crash the QEMU process, creating a denial-of-service condition for affected virtual machines and their host-side QEMU instance.
CVE-2016-10028 affects QEMU builds with Virtio GPU Device emulator support. A local guest OS user can send a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size of 0, which can trigger an out-of-bounds read in virgl_cmd_get_capset and crash the process. The published impact is denial of service rather than data corruption or code execution. For operators, the main concern is availability of [truncated]