The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
http://www.openwall.com/lists/oss-security/2018/01/15/3
http://www.securityfocus.com/bid/102520
https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Source: MITRE
Published: 2018-01-23
Updated: 2020-09-10
Type: CWE-125
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 0.8
Severity: MEDIUM
OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.8.1.1 (inclusive)
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144829 | EulerOS Virtualization 3.0.2.6 : qemu (EulerOS-SA-2021-1057) | Nessus | Huawei Local Security Checks | high |
140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
138415 | OracleVM 3.4 : xen (OVMSA-2020-0027) (deprecated) | Nessus | OracleVM Local Security Checks | low |
117351 | Debian DLA-1497-1 : qemu security update (Spectre) | Nessus | Debian Local Security Checks | high |
109886 | SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1308-1) (Spectre) | Nessus | SuSE Local Security Checks | medium |
109358 | SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1077-1) (Spectre) | Nessus | SuSE Local Security Checks | medium |
108929 | GLSA-201804-08 : QEMU: Multiple vulnerabilities (Spectre) | Nessus | Gentoo Local Security Checks | high |
108686 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:0831-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
108369 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
107254 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:0638-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
107144 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:0609-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
107140 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:0601-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
106901 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0472-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
106864 | openSUSE Security Update : xen (openSUSE-2018-169) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
106834 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2018:0438-1) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |