CVE-2017-13673
QEMU: VGA: reachable assert failure during display update
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
La actualización de la pantalla VGA en la región calculada inapropiadamente para la instantánea dirty bitmap en el caso de que el modo pantalla dividida sea usado, lo que provoca una denegación de servicio (fallo de aserción) en la función cpu_physical_memory_snapshot_get_dirty.
An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-24 CVE Reserved
- 2017-08-29 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/09/10/1 | Mailing List |
|
| http://www.securityfocus.com/bid/100527 | Third Party Advisory | |
| https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2018:1104 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2018:1113 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2017-13673 | 2018-04-11 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1486588 | 2018-04-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.8.0 Search vendor "Qemu" for product "Qemu" and version "2.8.0" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.9.0 Search vendor "Qemu" for product "Qemu" and version "2.9.0" | - |
Affected
| ||||||