CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
References
Link Resource
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615 Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/01/6 Mailing List Third Party Advisory
https://support.citrix.com/article/CTX220771 Third Party Advisory
https://security.gentoo.org/glsa/201702-28 Third Party Advisory
https://security.gentoo.org/glsa/201702-27 Third Party Advisory
http://www.securitytracker.com/id/1037804 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95990 Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2017-0454.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0396.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0350.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0344.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0334.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0333.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0332.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0331.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0330.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0329.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0328.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0309.html Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.7.1:r1:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.7.1:r2:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.7.1:r3:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.7.1:r4:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Information

Published : 2018-07-02 18:29

Updated : 2023-02-12 15:29


NVD link : CVE-2017-2615

Mitre link : CVE-2017-2615


JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • openstack
  • enterprise_linux_server_eus
  • enterprise_linux_server

xen

  • xen

citrix

  • xenserver

qemu

  • qemu

debian

  • debian_linux