CVE-2017-2620

Published: Jul 27, 2018Modified: Nov 21, 2024

9.9

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: NVD

Description

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Affected (32)

Products: Qemu: Qemu · Citrix: Xenserver · Debian: Debian Linux · +2 more

Show all products

Qemu: Qemu · Citrix: Xenserver · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation, Openstack · Xen: Xen

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Openstack

Xen

1 product

Xen

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Before 2.8.0

Configuration B

31 vulnerable

Vulnerable Software	Affected Versions
Citrix Xenserver	Version 6.0.2
Citrix Xenserver	Version 6.2.0 sp1
Citrix Xenserver	Version 6.5 sp1
Citrix Xenserver	Version 7.0
Citrix Xenserver	Version 7.1
Debian Debian Linux	Version 7.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.3
Redhat Enterprise Linux Server Eus	Version 7.4
Redhat Enterprise Linux Server Eus	Version 7.5
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Openstack	Version 10
Redhat Openstack	Version 5.0
Redhat Openstack	Version 6.0
Redhat Openstack	Version 7.0
Redhat Openstack	Version 8
Redhat Openstack	Version 9
Xen Xen	Up to 4.7.1
Xen Xen	Version 4.7.1 r1
Xen Xen	Version 4.7.1 r2
Xen Xen	Version 4.7.1 r3
Xen Xen	Version 4.7.1 r4
Xen Xen	Version 4.7.1 r5
Xen Xen	Version 4.7.1 r6
Xen Xen	Version 4.7.1 r7

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (46)

http://rhn.redhat.com/errata/RHSA-2017-0328.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0329.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0330.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0331.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0332.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0333.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0334.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0350.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0351.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0352.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0396.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0454.html

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/02/21/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/96378

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037870

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html

Source: secalert@redhat.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Source: secalert@redhat.com

https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html

Source: secalert@redhat.com

PatchThird Party Advisory

https://security.gentoo.org/glsa/201703-07

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201704-01

Source: secalert@redhat.com

Third Party Advisory

https://support.citrix.com/article/CTX220771

Source: secalert@redhat.com

Third Party Advisory

https://xenbits.xen.org/xsa/advisory-209.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0328.html