Out-of-bounds read in QEMU - CVE-2017-2615
Published: July 28, 2020
Vulnerability identifier: #VU31987
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2615
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
QEMU
QEMU
Software vendor:
QEMU
QEMU
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Remediation
Install updates from vendor's website.
External links
- http://rhn.redhat.com/errata/RHSA-2017-0309.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0344.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://www.openwall.com/lists/oss-security/2017/02/01/6
- http://www.securityfocus.com/bid/95990
- http://www.securitytracker.com/id/1037804
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
- https://security.gentoo.org/glsa/201702-27
- https://security.gentoo.org/glsa/201702-28
- https://support.citrix.com/article/CTX220771