ID CVE-2017-15289
Summary The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 07-09-2018 - 10:29)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1501290
    title CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment qemu-img is earlier than 10:1.5.3-141.el7_4.4
          oval oval:com.redhat.rhsa:tst:20173368005
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 10:1.5.3-141.el7_4.4
          oval oval:com.redhat.rhsa:tst:20173368011
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-common is earlier than 10:1.5.3-141.el7_4.4
          oval oval:com.redhat.rhsa:tst:20173368007
        • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704018
      • AND
        • comment qemu-kvm-tools is earlier than 10:1.5.3-141.el7_4.4
          oval oval:com.redhat.rhsa:tst:20173368009
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2017:3368
    released 2017-11-30
    severity Moderate
    title RHSA-2017:3368: qemu-kvm security update (Moderate)
  • bugzilla
    id 1501290
    title CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.503.el6_9.5
          oval oval:com.redhat.rhsa:tst:20180516005
        • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121234008
      • AND
        • comment qemu-img is earlier than 2:0.12.1.2-2.503.el6_9.5
          oval oval:com.redhat.rhsa:tst:20180516007
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 2:0.12.1.2-2.503.el6_9.5
          oval oval:com.redhat.rhsa:tst:20180516011
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.503.el6_9.5
          oval oval:com.redhat.rhsa:tst:20180516009
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2018:0516
    released 2018-03-13
    severity Moderate
    title RHSA-2018:0516: qemu-kvm security update (Moderate)
  • rhsa
    id RHSA-2017:3369
  • rhsa
    id RHSA-2017:3466
  • rhsa
    id RHSA-2017:3470
  • rhsa
    id RHSA-2017:3471
  • rhsa
    id RHSA-2017:3472
  • rhsa
    id RHSA-2017:3473
  • rhsa
    id RHSA-2017:3474
rpms
  • qemu-img-10:1.5.3-141.el7_4.4
  • qemu-kvm-10:1.5.3-141.el7_4.4
  • qemu-kvm-common-10:1.5.3-141.el7_4.4
  • qemu-kvm-tools-10:1.5.3-141.el7_4.4
  • qemu-guest-agent-2:0.12.1.2-2.503.el6_9.5
  • qemu-img-2:0.12.1.2-2.503.el6_9.5
  • qemu-kvm-2:0.12.1.2-2.503.el6_9.5
  • qemu-kvm-tools-2:0.12.1.2-2.503.el6_9.5
refmap via4
bid 101262
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1501290
debian DSA-4213
mlist
  • [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
  • [oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions
  • [qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions
ubuntu USN-3575-1
Last major update 07-09-2018 - 10:29
Published 16-10-2017 - 18:29
Back to Top