CVE-2017-2620
Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de acceso fuera de límites. El problema puede ocurrir al copiar datos VGA en cirrus_bitblt_cputovideo. Un usuario privilegiado dentro de guest podría usar esta vulnerabilidad para bloquear el proceso de QEMU o potencialmente ejecutar código arbitrario en el host con privilegios del proceso de QEMU.
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-01 CVE Reserved
- 2017-02-27 CVE Published
- 2024-07-06 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
CAPEC
References (25)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2017/02/21/1 | Mailing List | |
http://www.securityfocus.com/bid/96378 | Third Party Advisory | |
http://www.securitytracker.com/id/1037870 | Third Party Advisory | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | Mailing List | |
https://support.citrix.com/article/CTX220771 | Third Party Advisory | |
https://xenbits.xen.org/xsa/advisory-209.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html | 2023-11-07 |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0328.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0329.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0330.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0331.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0332.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0333.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0334.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0350.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0351.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0352.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0396.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2017-0454.html | 2023-11-07 | |
https://security.gentoo.org/glsa/201703-07 | 2023-11-07 | |
https://security.gentoo.org/glsa/201704-01 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2017-2620 | 2017-03-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1420484 | 2017-03-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | < 2.8.0 Search vendor "Qemu" for product "Qemu" and version " < 2.8.0" | - |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.0.2 Search vendor "Citrix" for product "Xenserver" and version "6.0.2" | - |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.2.0 Search vendor "Citrix" for product "Xenserver" and version "6.2.0" | sp1 |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 6.5 Search vendor "Citrix" for product "Xenserver" and version "6.5" | sp1 |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.0 Search vendor "Citrix" for product "Xenserver" and version "7.0" | - |
Affected
| ||||||
Citrix Search vendor "Citrix" | Xenserver Search vendor "Citrix" for product "Xenserver" | 7.1 Search vendor "Citrix" for product "Xenserver" and version "7.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 5.0 Search vendor "Redhat" for product "Openstack" and version "5.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 6.0 Search vendor "Redhat" for product "Openstack" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 7.0 Search vendor "Redhat" for product "Openstack" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 8 Search vendor "Redhat" for product "Openstack" and version "8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 9 Search vendor "Redhat" for product "Openstack" and version "9" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 10 Search vendor "Redhat" for product "Openstack" and version "10" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | <= 4.7.1 Search vendor "Xen" for product "Xen" and version " <= 4.7.1" | - |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r1 |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r2 |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r3 |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r4 |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r5 |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r6 |
Affected
| ||||||
Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | 4.7.1 Search vendor "Xen" for product "Xen" and version "4.7.1" | r7 |
Affected
|