Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-2620

Опубликовано: 21 фев. 2017
Источник: redhat
CVSS3: 5.5
CVSS2: 4.9
EPSS Низкий

Описание

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmAffected
Red Hat Enterprise Linux 5xenWill not fix
Red Hat Enterprise Linux 6qemu-kvm-rhevAffected
Red Hat OpenStack Platform 11 (Ocata)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux 5kvmFixedRHSA-2017:045407.03.2017
Red Hat Enterprise Linux 6qemu-kvmFixedRHSA-2017:035201.03.2017
Red Hat Enterprise Linux 7qemu-kvmFixedRHSA-2017:039602.03.2017
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6qemu-kvm-rhevFixedRHSA-2017:033427.02.2017
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7qemu-kvm-rhevFixedRHSA-2017:033327.02.2017
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7qemu-kvm-rhevFixedRHSA-2017:033227.02.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1420484Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

EPSS

Процентиль: 73%
0.00774
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-2620

CVSS3: 5.5
ubuntu
больше 7 лет назад

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

nvd логотип

CVE-2017-2620

CVSS3: 5.5
nvd
больше 7 лет назад

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

debian логотип

CVE-2017-2620

CVSS3: 5.5
debian
больше 7 лет назад

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA E ...

github логотип

GHSA-v6gr-ph59-9hqm

CVSS3: 9.9
github
больше 3 лет назад

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

oracle-oval логотип

ELSA-2017-0352

oracle-oval
больше 8 лет назад

ELSA-2017-0352: qemu-kvm security update (IMPORTANT)

EPSS

Процентиль: 73%
0.00774
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2