Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2615

Опубликовано: 24 янв. 2017
Источник: redhat
CVSS3: 5.5
CVSS2: 4.9

Описание

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmAffected
Red Hat Enterprise Linux 5xenWill not fix
Red Hat Enterprise Linux 6qemu-kvm-rhevAffected
Red Hat OpenStack Platform 11 (Ocata)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 5kvmFixedRHSA-2017:045407.03.2017
Red Hat Enterprise Linux 6qemu-kvmFixedRHSA-2017:030923.02.2017
Red Hat Enterprise Linux 7qemu-kvmFixedRHSA-2017:039602.03.2017
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6qemu-kvm-rhevFixedRHSA-2017:033427.02.2017
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7qemu-kvm-rhevFixedRHSA-2017:033327.02.2017
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7qemu-kvm-rhevFixedRHSA-2017:033227.02.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1418200Qemu: display: cirrus: oob access while doing bitblt copy backward mode

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-2615

CVSS3: 5.5
ubuntu
больше 7 лет назад

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

nvd логотип

CVE-2017-2615

CVSS3: 5.5
nvd
больше 7 лет назад

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

debian логотип

CVE-2017-2615

CVSS3: 5.5
debian
больше 7 лет назад

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator sup ...

github логотип

GHSA-wj78-4p23-4g74

CVSS3: 9.1
github
больше 3 лет назад

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

oracle-oval логотип

ELSA-2017-0454

oracle-oval
больше 8 лет назад

ELSA-2017-0454: kvm security update (IMPORTANT)

5.5 Medium

CVSS3

4.9 Medium

CVSS2