CVE-2017-2615

critical

Description

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

References

https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615

http://www.openwall.com/lists/oss-security/2017/02/01/6

https://support.citrix.com/article/CTX220771

https://security.gentoo.org/glsa/201702-28

https://security.gentoo.org/glsa/201702-27

http://www.securitytracker.com/id/1037804

http://www.securityfocus.com/bid/95990

http://rhn.redhat.com/errata/RHSA-2017-0454.html

http://rhn.redhat.com/errata/RHSA-2017-0396.html

http://rhn.redhat.com/errata/RHSA-2017-0350.html

http://rhn.redhat.com/errata/RHSA-2017-0344.html

http://rhn.redhat.com/errata/RHSA-2017-0334.html

http://rhn.redhat.com/errata/RHSA-2017-0333.html

http://rhn.redhat.com/errata/RHSA-2017-0332.html

http://rhn.redhat.com/errata/RHSA-2017-0331.html

http://rhn.redhat.com/errata/RHSA-2017-0330.html

http://rhn.redhat.com/errata/RHSA-2017-0329.html

http://rhn.redhat.com/errata/RHSA-2017-0328.html

http://rhn.redhat.com/errata/RHSA-2017-0309.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Details

Source: MITRE

Published: 2018-07-03

Updated: 2023-02-12

Type: CWE-787

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2.3

Severity: CRITICAL