CVE-2017-7980

MEDIUM

Description

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

References

http://ubuntu.com/usn/usn-3289-1

http://www.openwall.com/lists/oss-security/2017/04/21/1

http://www.securityfocus.com/bid/102129

http://www.securityfocus.com/bid/97955

https://access.redhat.com/errata/RHSA-2017:0980

https://access.redhat.com/errata/RHSA-2017:0981

https://access.redhat.com/errata/RHSA-2017:0982

https://access.redhat.com/errata/RHSA-2017:0983

https://access.redhat.com/errata/RHSA-2017:0984

https://access.redhat.com/errata/RHSA-2017:0988

https://access.redhat.com/errata/RHSA-2017:1205

https://access.redhat.com/errata/RHSA-2017:1206

https://access.redhat.com/errata/RHSA-2017:1430

https://access.redhat.com/errata/RHSA-2017:1441

https://bugzilla.redhat.com/show_bug.cgi?id=1430056

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

https://security.gentoo.org/glsa/201706-03

https://support.citrix.com/article/CTX230138

Details

Source: MITRE

Published: 2017-07-25

Updated: 2019-04-22

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.8 (inclusive)

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:10.0:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
127343NewStart CGSL MAIN 4.05 : qemu-kvm Multiple Vulnerabilities (NS-SA-2019-0108)NessusNewStart CGSL Local Security Checks
high
117351Debian DLA-1497-1 : qemu security update (Spectre)NessusDebian Local Security Checks
high
111023OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre)NessusOracleVM Local Security Checks
high
105083Citrix XenServer Multiple Vulnerabilities (CTX230138)NessusMisc.
high
104780SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)NessusSuSE Local Security Checks
high
104495SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1)NessusSuSE Local Security Checks
high
104494SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1)NessusSuSE Local Security Checks
high
104471SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)NessusSuSE Local Security Checks
high
102008Fedora 25 : 2:qemu (2017-f941184db1)NessusFedora Local Security Checks
high
101909Debian DLA-1035-1 : qemu security updateNessusDebian Local Security Checks
high
101851EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1119)NessusHuawei Local Security Checks
medium
101850EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1118)NessusHuawei Local Security Checks
medium
101758openSUSE Security Update : qemu (openSUSE-2017-822)NessusSuSE Local Security Checks
high
101479Virtuozzo 7 : qemu-img / qemu-kvm / qemu-kvm-common / etc (VZLSA-2017-1430)NessusVirtuozzo Local Security Checks
medium
101463Virtuozzo 6 : qemu-guest-agent / qemu-img / qemu-kvm / etc (VZLSA-2017-1206)NessusVirtuozzo Local Security Checks
high
101227SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1)NessusSuSE Local Security Checks
high
100779Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170613)NessusScientific Linux Local Security Checks
medium
100777RHEL 7 : qemu-kvm (RHSA-2017:1430)NessusRed Hat Local Security Checks
medium
100776Oracle Linux 7 : qemu-kvm (ELSA-2017-1430)NessusOracle Linux Local Security Checks
medium
100770CentOS 7 : qemu-kvm (CESA-2017:1430)NessusCentOS Local Security Checks
medium
100630GLSA-201706-03 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
100250Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : qemu vulnerabilities (USN-3289-1)NessusUbuntu Local Security Checks
high
100142RHEL 6 : qemu-kvm-rhev (RHSA-2017:1205)NessusRed Hat Local Security Checks
high
100133Debian DLA-939-1 : qemu-kvm security updateNessusDebian Local Security Checks
high
100115OracleVM 3.4 : qemu-kvm (OVMSA-2017-0101)NessusOracleVM Local Security Checks
high
100097Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20170509)NessusScientific Linux Local Security Checks
high
100092RHEL 6 : qemu-kvm (RHSA-2017:1206)NessusRed Hat Local Security Checks
high
100088Oracle Linux 6 : qemu-kvm (ELSA-2017-1206)NessusOracle Linux Local Security Checks
high
100068CentOS 6 : qemu-kvm (CESA-2017:1206)NessusCentOS Local Security Checks
high
99963SUSE SLES12 Security Update : xen (SUSE-SU-2017:1148-1)NessusSuSE Local Security Checks
medium
99962SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:1147-1)NessusSuSE Local Security Checks
high
99961SUSE SLES11 Security Update : xen (SUSE-SU-2017:1146-1)NessusSuSE Local Security Checks
high
99960SUSE SLES11 Security Update : xen (SUSE-SU-2017:1145-1)NessusSuSE Local Security Checks
high