#VU31252 Out-of-bounds read in QEMU - CVE-2017-2633


Updated: 2020-07-17

Vulnerability identifier: #VU31252

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-2633

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An out-of-bounds memory access issue was found in the VNC display driver of Quick Emulator (QEMU) before 1.7.2. The flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface' function. A user inside a guest could use this flaw to crash the QEMU process.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

QEMU: 1.7.0 - 1.7.1


External links
https://www.openwall.com/lists/oss-security/2017/02/23/1
https://www.securityfocus.com/bid/96417
https://access.redhat.com/errata/RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1441
https://access.redhat.com/errata/RHSA-2017:1856
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

