CVE-2017-2620

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

References

https://xenbits.xen.org/xsa/advisory-209.html

https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620

http://www.openwall.com/lists/oss-security/2017/02/21/1

https://support.citrix.com/article/CTX220771

https://security.gentoo.org/glsa/201704-01

https://security.gentoo.org/glsa/201703-07

https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html

http://www.securitytracker.com/id/1037870

http://www.securityfocus.com/bid/96378

http://rhn.redhat.com/errata/RHSA-2017-0454.html

http://rhn.redhat.com/errata/RHSA-2017-0396.html

http://rhn.redhat.com/errata/RHSA-2017-0352.html

http://rhn.redhat.com/errata/RHSA-2017-0351.html

http://rhn.redhat.com/errata/RHSA-2017-0350.html

http://rhn.redhat.com/errata/RHSA-2017-0334.html

http://rhn.redhat.com/errata/RHSA-2017-0333.html

http://rhn.redhat.com/errata/RHSA-2017-0332.html

http://rhn.redhat.com/errata/RHSA-2017-0331.html

http://rhn.redhat.com/errata/RHSA-2017-0330.html

http://rhn.redhat.com/errata/RHSA-2017-0329.html

http://rhn.redhat.com/errata/RHSA-2017-0328.html

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Details

Source: MITRE

Published: 2018-07-27

Updated: 2021-08-04

Type: CWE-125

Risk Information

CVSS v2

Base Score: 9

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8

Severity: HIGH

CVSS v3

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 3.1

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.7.1 (inclusive)

cpe:2.3:o:xen:xen:4.7.1:r7:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r1:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r2:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r3:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r4:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r6:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.7.1:r5:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

Tenable Plugins

View all (54 total)

IDNameProductFamilySeverity
140019OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre)NessusOracleVM Local Security Checks
critical
127343NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0108)NessusNewStart CGSL Local Security Checks
critical
117351Debian DLA-1497-1 : qemu security update (Spectre)NessusDebian Local Security Checks
critical
111992OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre)NessusOracleVM Local Security Checks
critical
106633Debian DLA-1270-1 : xen security updateNessusDebian Local Security Checks
critical
104780SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)NessusSuSE Local Security Checks
critical
103830OracleVM 3.4 : xen (OVMSA-2017-0153)NessusOracleVM Local Security Checks
critical
102835OracleVM 3.4 : xen (OVMSA-2017-0142)NessusOracleVM Local Security Checks
critical
101434Virtuozzo 7 : kmod-kvm / kmod-kvm-debug / kvm / kvm-qemu-img / etc (VZLSA-2017-0454)NessusVirtuozzo Local Security Checks
critical
101433Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-0396)NessusVirtuozzo Local Security Checks
critical
101430Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-0352)NessusVirtuozzo Local Security Checks
critical
100232openSUSE Security Update : qemu (openSUSE-2017-589)NessusSuSE Local Security Checks
critical
100149SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)NessusSuSE Local Security Checks
critical
99977OracleVM 3.2 : xen (OVMSA-2017-0096)NessusOracleVM Local Security Checks
critical
99976OracleVM 3.3 : xen (OVMSA-2017-0095)NessusOracleVM Local Security Checks
critical
99883EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1038)NessusHuawei Local Security Checks
critical
99882EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1037)NessusHuawei Local Security Checks
critical
99758SUSE SLES11 Security Update : kvm (SUSE-SU-2017:1135-1)NessusSuSE Local Security Checks
critical
99581Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : qemu vulnerabilities (USN-3261-1)NessusUbuntu Local Security Checks
critical
99274GLSA-201704-01 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
99082OracleVM 3.4 : qemu-kvm (OVMSA-2017-0055)NessusOracleVM Local Security Checks
critical
99014GLSA-201703-07 : Xen: Privilege EscalationNessusGentoo Local Security Checks
critical
97865Fedora 24 : 2:qemu (2017-62ac1230f7)NessusFedora Local Security Checks
critical
97828SUSE SLES11 Security Update : xen (SUSE-SU-2017:0718-1)NessusSuSE Local Security Checks
critical
97804Fedora 25 : 2:qemu (2017-31b976672b)NessusFedora Local Security Checks
critical
97791openSUSE Security Update : qemu (openSUSE-2017-349)NessusSuSE Local Security Checks
critical
97712openSUSE Security Update : xen (openSUSE-2017-329)NessusSuSE Local Security Checks
critical
97696SUSE SLES12 Security Update : qemu (SUSE-SU-2017:0661-1)NessusSuSE Local Security Checks
critical
97657SUSE SLES11 Security Update : xen (SUSE-SU-2017:0647-1)NessusSuSE Local Security Checks
critical
97616Fedora 24 : xen (2017-1607a3a78e)NessusFedora Local Security Checks
critical
97611CentOS 5 : kvm (CESA-2017:0454)NessusCentOS Local Security Checks
critical
97599SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)NessusSuSE Local Security Checks
critical
97597Scientific Linux Security Update : kvm on SL5.x x86_64 (20170307)NessusScientific Linux Local Security Checks
critical
97594RHEL 5 : kvm (RHSA-2017:0454)NessusRed Hat Local Security Checks
critical
97593Oracle Linux 5 : kvm (ELSA-2017-0454)NessusOracle Linux Local Security Checks
critical
97528CentOS 7 : qemu-kvm (CESA-2017:0396)NessusCentOS Local Security Checks
critical
97525Citrix XenServer Multiple Vulnerabilities (CTX220771)NessusMisc.
critical
97517Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170302)NessusScientific Linux Local Security Checks
critical
97512RHEL 7 : qemu-kvm (RHSA-2017:0396)NessusRed Hat Local Security Checks
critical
97508Oracle Linux 7 : qemu-kvm (ELSA-2017-0396)NessusOracle Linux Local Security Checks
critical
97493Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170301)NessusScientific Linux Local Security Checks
critical
97490RHEL 6 : qemu-kvm (RHSA-2017:0352)NessusRed Hat Local Security Checks
critical
97489RHEL 6 : qemu-kvm-rhev (RHSA-2017:0351)NessusRed Hat Local Security Checks
critical
97488RHEL 7 : qemu-kvm-rhev (RHSA-2017:0350)NessusRed Hat Local Security Checks
critical
97486OracleVM 3.4 : qemu-kvm (OVMSA-2017-0047)NessusOracleVM Local Security Checks
critical
97485Oracle Linux 6 : qemu-kvm (ELSA-2017-0352)NessusOracle Linux Local Security Checks
critical
97473Debian DLA-845-1 : qemu security updateNessusDebian Local Security Checks
critical
97472CentOS 6 : qemu-kvm (CESA-2017:0352)NessusCentOS Local Security Checks
critical
97467SUSE SLES12 Security Update : xen (SUSE-SU-2017:0582-1)NessusSuSE Local Security Checks
critical
97451Fedora 25 : xen (2017-266ab882cd)NessusFedora Local Security Checks
critical
97439Debian DLA-842-1 : qemu-kvm security updateNessusDebian Local Security Checks
critical
97433SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0571-1)NessusSuSE Local Security Checks
critical
97432SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:0570-1)NessusSuSE Local Security Checks
critical
97312FreeBSD : xen-tools -- cirrus_bitblt_cputovideo does not check if memory region is safe (8cbd9c08-f8b9-11e6-ae1b-002590263bf5)NessusFreeBSD Local Security Checks
critical