CVE-2017-13673 - The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split scre

CVE-2017-13673

Summary

The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:2.9.0:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-617

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

redhat via4

advisories

rhsa
id RHSA-2018:1104
rhsa
id RHSA-2018:1113

rpms

qemu-img-rhev-10:2.10.0-21.el7
qemu-kvm-common-rhev-10:2.10.0-21.el7
qemu-kvm-rhev-10:2.10.0-21.el7
qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7
qemu-kvm-tools-rhev-10:2.10.0-21.el7
qemu-img-rhev-10:2.10.0-21.el7
qemu-kvm-common-rhev-10:2.10.0-21.el7
qemu-kvm-rhev-10:2.10.0-21.el7
qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7
qemu-kvm-tools-rhev-10:2.10.0-21.el7

refmap via4

bid	100527
confirm	https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
mlist	[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update
suse	openSUSE-SU-2019:1074

Last major update

03-10-2019 - 00:03

Published

29-08-2017 - 16:29

Last modified

03-10-2019 - 00:03