CVE-2017-7718

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
qemuqemu
𝑥
≤ 2.8.1.1
qemuqemu
2.9.0:rc0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
hirsute
Fixed 1:2.8+dfsg-3ubuntu3
released
groovy
Fixed 1:2.8+dfsg-3ubuntu3
released
focal
Fixed 1:2.8+dfsg-3ubuntu3
released
eoan
Fixed 1:2.8+dfsg-3ubuntu3
released
disco
Fixed 1:2.8+dfsg-3ubuntu3
released
cosmic
Fixed 1:2.8+dfsg-3ubuntu3
released
bionic
Fixed 1:2.8+dfsg-3ubuntu3
released
artful
Fixed 1:2.8+dfsg-3ubuntu3
released
zesty
Fixed 1:2.8+dfsg-3ubuntu2.2
released
yakkety
Fixed 1:2.6.1+dfsg-0ubuntu5.5
released
xenial
Fixed 1:2.5+dfsg-5ubuntu10.14
released
trusty
Fixed 2.0.0+dfsg-2ubuntu1.34
released
precise
dne
qemu-kvm
hirsute
dne
groovy
dne
focal
dne
eoan
dne
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904
http://www.openwall.com/lists/oss-security/2017/04/19/4
http://www.securityfocus.com/bid/97957
https://access.redhat.com/errata/RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1430
https://access.redhat.com/errata/RHSA-2017:1431
https://access.redhat.com/errata/RHSA-2017:1441
https://bugzilla.redhat.com/show_bug.cgi?id=1443441
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201706-03
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904
http://www.openwall.com/lists/oss-security/2017/04/19/4
http://www.securityfocus.com/bid/97957
https://access.redhat.com/errata/RHSA-2017:0980
https://access.redhat.com/errata/RHSA-2017:0981
https://access.redhat.com/errata/RHSA-2017:0982
https://access.redhat.com/errata/RHSA-2017:0983
https://access.redhat.com/errata/RHSA-2017:0984
https://access.redhat.com/errata/RHSA-2017:0988
https://access.redhat.com/errata/RHSA-2017:1205
https://access.redhat.com/errata/RHSA-2017:1206
https://access.redhat.com/errata/RHSA-2017:1430
https://access.redhat.com/errata/RHSA-2017:1431
https://access.redhat.com/errata/RHSA-2017:1441
https://bugzilla.redhat.com/show_bug.cgi?id=1443441
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201706-03