CVE-2017-2615

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

References

https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615

http://www.openwall.com/lists/oss-security/2017/02/01/6

https://support.citrix.com/article/CTX220771

https://security.gentoo.org/glsa/201702-28

https://security.gentoo.org/glsa/201702-27

http://www.securitytracker.com/id/1037804

http://www.securityfocus.com/bid/95990

http://rhn.redhat.com/errata/RHSA-2017-0454.html

http://rhn.redhat.com/errata/RHSA-2017-0396.html

http://rhn.redhat.com/errata/RHSA-2017-0350.html

http://rhn.redhat.com/errata/RHSA-2017-0344.html

http://rhn.redhat.com/errata/RHSA-2017-0334.html

http://rhn.redhat.com/errata/RHSA-2017-0333.html

http://rhn.redhat.com/errata/RHSA-2017-0332.html

http://rhn.redhat.com/errata/RHSA-2017-0331.html

http://rhn.redhat.com/errata/RHSA-2017-0330.html

http://rhn.redhat.com/errata/RHSA-2017-0329.html

http://rhn.redhat.com/errata/RHSA-2017-0328.html

http://rhn.redhat.com/errata/RHSA-2017-0309.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Details

Source: MITRE

Published: 2018-07-03

Updated: 2021-08-04

Type: CWE-125

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2.3

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.8.0 (inclusive)

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r3:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r4:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.7.1 (inclusive)

cpe:2.3:o:xen:xen:4.7.1:r1:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r2:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Tenable Plugins

View all (53 total)

IDNameProductFamilySeverity
140019OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)NessusOracleVM Local Security Checks
critical
127343NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0108)NessusNewStart CGSL Local Security Checks
critical
117351Debian DLA-1497-1 : qemu security update (Spectre)NessusDebian Local Security Checks
critical
111992OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)NessusOracleVM Local Security Checks
critical
104780SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)NessusSuSE Local Security Checks
critical
103830OracleVM 3.4 : xen (OVMSA-2017-0153)NessusOracleVM Local Security Checks
critical
102835OracleVM 3.4 : xen (OVMSA-2017-0142)NessusOracleVM Local Security Checks
critical
101434Virtuozzo 7 : kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / etc (VZLSA-2017-0454)NessusVirtuozzo Local Security Checks
critical
101433Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-0396)NessusVirtuozzo Local Security Checks
critical
101428Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-0309)NessusVirtuozzo Local Security Checks
critical
100232openSUSE Security Update : qemu (openSUSE-2017-589)NessusSuSE Local Security Checks
critical
100149SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)NessusSuSE Local Security Checks
critical
99977OracleVM 3.2 : xen (OVMSA-2017-0096)NessusOracleVM Local Security Checks
critical
99976OracleVM 3.3 : xen (OVMSA-2017-0095)NessusOracleVM Local Security Checks
critical
99883EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1038)NessusHuawei Local Security Checks
critical
99882EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1037)NessusHuawei Local Security Checks
critical
99758SUSE SLES11 Security Update : kvm (SUSE-SU-2017:1135-1)NessusSuSE Local Security Checks
critical
99581Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : qemu vulnerabilities (USN-3261-1)NessusUbuntu Local Security Checks
critical
99082OracleVM 3.4 : qemu-kvm (OVMSA-2017-0055)NessusOracleVM Local Security Checks
critical
97865Fedora 24 : 2:qemu (2017-62ac1230f7)NessusFedora Local Security Checks
critical
97828SUSE SLES11 Security Update : xen (SUSE-SU-2017:0718-1)NessusSuSE Local Security Checks
critical
97804Fedora 25 : 2:qemu (2017-31b976672b)NessusFedora Local Security Checks
critical
97791openSUSE Security Update : qemu (openSUSE-2017-349)NessusSuSE Local Security Checks
critical
97712openSUSE Security Update : xen (openSUSE-2017-329)NessusSuSE Local Security Checks
critical
97696SUSE SLES12 Security Update : qemu (SUSE-SU-2017:0661-1)NessusSuSE Local Security Checks
critical
97657SUSE SLES11 Security Update : xen (SUSE-SU-2017:0647-1)NessusSuSE Local Security Checks
critical
97611CentOS 5 : kvm (CESA-2017:0454)NessusCentOS Local Security Checks
critical
97599SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)NessusSuSE Local Security Checks
critical
97597Scientific Linux Security Update : kvm on SL5.x x86_64 (20170307)NessusScientific Linux Local Security Checks
critical
97594RHEL 5 : kvm (RHSA-2017:0454)NessusRed Hat Local Security Checks
critical
97593Oracle Linux 5 : kvm (ELSA-2017-0454)NessusOracle Linux Local Security Checks
critical
97528CentOS 7 : qemu-kvm (CESA-2017:0396)NessusCentOS Local Security Checks
critical
97525Citrix XenServer Multiple Vulnerabilities (CTX220771)NessusMisc.
critical
97517Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170302)NessusScientific Linux Local Security Checks
critical
97512RHEL 7 : qemu-kvm (RHSA-2017:0396)NessusRed Hat Local Security Checks
critical
97508Oracle Linux 7 : qemu-kvm (ELSA-2017-0396)NessusOracle Linux Local Security Checks
critical
97488RHEL 7 : qemu-kvm-rhev (RHSA-2017:0350)NessusRed Hat Local Security Checks
critical
97487RHEL 6 : qemu-kvm-rhev (RHSA-2017:0344)NessusRed Hat Local Security Checks
critical
97473Debian DLA-845-1 : qemu security updateNessusDebian Local Security Checks
critical
97467SUSE SLES12 Security Update : xen (SUSE-SU-2017:0582-1)NessusSuSE Local Security Checks
critical
97439Debian DLA-842-1 : qemu-kvm security updateNessusDebian Local Security Checks
critical
97433SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0571-1)NessusSuSE Local Security Checks
critical
97432SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0570-1)NessusSuSE Local Security Checks
critical
97430Fedora 24 : xen (2017-d4ee7018c1)NessusFedora Local Security Checks
critical
97409OracleVM 3.4 : qemu-kvm (OVMSA-2017-0043)NessusOracleVM Local Security Checks
critical
97390CentOS 6 : qemu-kvm (CESA-2017:0309)NessusCentOS Local Security Checks
critical
97379Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170223)NessusScientific Linux Local Security Checks
critical
97374RHEL 6 : qemu-kvm (RHSA-2017:0309)NessusRed Hat Local Security Checks
critical
97372Oracle Linux 6 : qemu-kvm (ELSA-2017-0309)NessusOracle Linux Local Security Checks
critical
97271GLSA-201702-28 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
97270GLSA-201702-27 : Xen: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
97179Fedora 25 : xen (2017-cdb53b04e0)NessusFedora Local Security Checks
critical
97109FreeBSD : xen-tools -- oob access in cirrus bitblt copy (a73aba9a-effe-11e6-ae1b-002590263bf5)NessusFreeBSD Local Security Checks
critical