CVE-2017-2615
03.07.2018, 01:29
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.Enginsight
| Vendor | Product | Version |
|---|---|---|
| qemu | qemu | 𝑥 ≤ 2.8.0 |
| citrix | xenserver | 6.0.2 |
| citrix | xenserver | 6.2.0:sp1 |
| citrix | xenserver | 6.5:sp1 |
| citrix | xenserver | 7.0 |
| citrix | xenserver | 7.1 |
| redhat | openstack | 5.0 |
| redhat | openstack | 6.0 |
| redhat | openstack | 7.0 |
| debian | debian_linux | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| xen | xen | 𝑥 ≤ 4.7.1 |
| xen | xen | 4.7.1:r1 |
| xen | xen | 4.7.1:r2 |
| xen | xen | 4.7.1:r3 |
| xen | xen | 4.7.1:r4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| qemu |
| ||||||||||||||||||||||||||
| qemu-kvm |
| ||||||||||||||||||||||||||
| xen |
|
Common Weakness Enumeration
References