Описание
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qemu | fixed | 1:2.10.0-1 | package | |
| qemu | ignored | jessie | package | |
| qemu | postponed | wheezy | package | |
| qemu-kvm | removed | package | ||
| qemu-kvm | postponed | wheezy | package |
Примечания
https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
Fixed by https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CentOS7 has a backport/upgrade(?) for their frankenstein version
http://vault.centos.org/7.6.1810/updates/Source/SPackages/qemu-kvm-1.5.3-160.el7_6.3.src.rpm
EPSS
Связанные уязвимости
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
EPSS