Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
http://ubuntu.com/usn/usn-3289-1
http://www.openwall.com/lists/oss-security/2017/04/21/1
http://www.securityfocus.com/bid/102129
http://www.securityfocus.com/bid/97955
https://access.redhat.com/errata/RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1430
https://access.redhat.com/errata/RHSA-2017:1441
https://bugzilla.redhat.com/show_bug.cgi?id=1430056
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Source: MITRE
Published: 2017-07-25
Updated: 2019-04-22
Type: CWE-119
CVSS v2 Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3.0 Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.8 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
OR
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
127343 | NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0108) | Nessus | NewStart CGSL Local Security Checks | high |
117351 | Debian DLA-1497-1 : qemu security update (Spectre) | Nessus | Debian Local Security Checks | high |
111023 | OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre) | Nessus | OracleVM Local Security Checks | high |
105083 | Citrix XenServer Multiple Vulnerabilities (CTX230138) | Nessus | Misc. | high |
104780 | SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1) | Nessus | SuSE Local Security Checks | high |
104495 | SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1) | Nessus | SuSE Local Security Checks | high |
104494 | SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1) | Nessus | SuSE Local Security Checks | high |
104471 | SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1) | Nessus | SuSE Local Security Checks | high |
102008 | Fedora 25 : 2:qemu (2017-f941184db1) | Nessus | Fedora Local Security Checks | high |
101909 | Debian DLA-1035-1 : qemu security update | Nessus | Debian Local Security Checks | high |
101851 | EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1119) | Nessus | Huawei Local Security Checks | medium |
101850 | EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1118) | Nessus | Huawei Local Security Checks | medium |
101758 | openSUSE Security Update : qemu (openSUSE-2017-822) | Nessus | SuSE Local Security Checks | high |
101479 | Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-1430) | Nessus | Virtuozzo Local Security Checks | medium |
101463 | Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-1206) | Nessus | Virtuozzo Local Security Checks | high |
101227 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1) | Nessus | SuSE Local Security Checks | high |
100779 | Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170613) | Nessus | Scientific Linux Local Security Checks | medium |
100777 | RHEL 7 : qemu-kvm (RHSA-2017:1430) | Nessus | Red Hat Local Security Checks | medium |
100776 | Oracle Linux 7 : qemu-kvm (ELSA-2017-1430) | Nessus | Oracle Linux Local Security Checks | medium |
100770 | CentOS 7 : qemu-kvm (CESA-2017:1430) | Nessus | CentOS Local Security Checks | medium |
100630 | GLSA-201706-03 : QEMU: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
100250 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : qemu vulnerabilities (USN-3289-1) | Nessus | Ubuntu Local Security Checks | high |
100142 | RHEL 6 : qemu-kvm-rhev (RHSA-2017:1205) | Nessus | Red Hat Local Security Checks | high |
100133 | Debian DLA-939-1 : qemu-kvm security update | Nessus | Debian Local Security Checks | high |
100115 | OracleVM 3.4 : qemu-kvm (OVMSA-2017-0101) | Nessus | OracleVM Local Security Checks | high |
100097 | Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170509) | Nessus | Scientific Linux Local Security Checks | high |
100092 | RHEL 6 : qemu-kvm (RHSA-2017:1206) | Nessus | Red Hat Local Security Checks | high |
100088 | Oracle Linux 6 : qemu-kvm (ELSA-2017-1206) | Nessus | Oracle Linux Local Security Checks | high |
100068 | CentOS 6 : qemu-kvm (CESA-2017:1206) | Nessus | CentOS Local Security Checks | high |
99963 | SUSE SLES12 Security Update : xen (SUSE-SU-2017:1148-1) | Nessus | SuSE Local Security Checks | medium |
99962 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1147-1) | Nessus | SuSE Local Security Checks | high |
99961 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:1146-1) | Nessus | SuSE Local Security Checks | high |
99960 | SUSE SLES11 Security Update : xen (SUSE-SU-2017:1145-1) | Nessus | SuSE Local Security Checks | high |