Описание
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Will not fix | ||
| Red Hat Enterprise Linux 5 | xen | Will not fix | ||
| Red Hat Enterprise Linux 6 | qemu-kvm-rhev | Affected | ||
| Red Hat Enterprise Linux 7 | qemu-kvm-rhev | Affected | ||
| Red Hat OpenStack Platform 11 (Ocata) | qemu-kvm-rhev | Not affected | ||
| Red Hat Enterprise Linux 6 | qemu-kvm | Fixed | RHSA-2017:1206 | 09.05.2017 |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2017:1430 | 13.06.2017 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | qemu-kvm-rhev | Fixed | RHSA-2017:1441 | 14.06.2017 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2017:0980 | 18.04.2017 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2017:0981 | 18.04.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick E ...
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
EPSS
5.5 Medium
CVSS3
4.9 Medium
CVSS2