CVE-2017-13673

Published: Aug 29, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.

Affected (2)

Products: Qemu: Qemu

Qemu

1 product

Qemu

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Version 2.8.0
Qemu Qemu	Version 2.9.0

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (14)

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2017/09/10/1

Source: cve@mitre.org

http://www.securityfocus.com/bid/100527

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:1104

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2018:1113

Source: cve@mitre.org

https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d

Source: cve@mitre.org

https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html