Описание
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Will not fix | ||
| Red Hat Enterprise Linux 5 | xen | Will not fix | ||
| Red Hat Enterprise Linux 6 | qemu-kvm-rhev | Will not fix | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Affected | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | qemu-kvm-rhev | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | qemu-kvm-rhev | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | qemu-kvm-rhev | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | qemu-kvm-rhev | Will not fix | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2017:0621 | 21.03.2017 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2016:2585 | 03.11.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
3.8 Low
CVSS2
Связанные уязвимости
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Integer overflow in the VGA module in QEMU allows local guest OS users ...
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
ELSA-2017-0621: qemu-kvm security and bug fix update (MODERATE)
EPSS
3.8 Low
CVSS2