Vulnerability-Lookup

CVE-2017-15124 (GCVE-0-2017-15124)

Vulnerability from cvelistv5 – Published: 2018-01-09 21:00 – Updated: 2024-08-05 19:50

Summary

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

Severity ?

No CVSS data available.

CWE

CWE-770

Assigner

redhat

References

8 references

URL	Tags
http://www.securityfocus.com/bid/102295	vdb-entryx_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4213	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0816	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1104	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1113	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3575-1/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3062	vendor-advisoryx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
QEMU	Qemu	Affected: 2.11.0 and older

Date Public ?

2017-12-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:50:16.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102295",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102295"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
          },
          {
            "name": "DSA-4213",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "name": "RHSA-2018:0816",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0816"
          },
          {
            "name": "RHSA-2018:1104",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1104"
          },
          {
            "name": "RHSA-2018:1113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1113"
          },
          {
            "name": "USN-3575-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3575-1/"
          },
          {
            "name": "RHSA-2018:3062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Qemu",
          "vendor": "QEMU",
          "versions": [
            {
              "status": "affected",
              "version": "2.11.0 and older"
            }
          ]
        }
      ],
      "datePublic": "2017-12-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "102295",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102295"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
        },
        {
          "name": "DSA-4213",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4213"
        },
        {
          "name": "RHSA-2018:0816",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        },
        {
          "name": "RHSA-2018:1104",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        },
        {
          "name": "RHSA-2018:1113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        },
        {
          "name": "USN-3575-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3575-1/"
        },
        {
          "name": "RHSA-2018:3062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3062"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-15124",
    "datePublished": "2018-01-09T21:00:00.000Z",
    "dateReserved": "2017-10-08T00:00:00.000Z",
    "dateUpdated": "2024-08-05T19:50:16.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-15124",
      "date": "2026-05-21",
      "epss": "0.00759",
      "percentile": "0.73531"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.0\", \"matchCriteriaId\": \"D424025B-4108-494F-9F84-492EF5B4B5E5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto que la implementaci\\u00f3n del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignaci\\u00f3n de memoria sin enlazar, ya que no limit\\u00f3 las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. Un cliente VCN malicioso remoto podr\\u00eda emplear este fallo para provocar DoS en el host del servidor.\"}]",
      "id": "CVE-2017-15124",
      "lastModified": "2024-11-21T03:14:07.103",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-01-09T21:29:00.343",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102295\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0816\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1104\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1113\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3062\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1525195\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3575-1/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4213\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/102295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1525195\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3575-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-15124\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-01-09T21:29:00.343\",\"lastModified\":\"2024-11-21T03:14:07.103\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto que la implementaci\u00f3n del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignaci\u00f3n de memoria sin enlazar, ya que no limit\u00f3 las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. Un cliente VCN malicioso remoto podr\u00eda emplear este fallo para provocar DoS en el host del servidor.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.0\",\"matchCriteriaId\":\"D424025B-4108-494F-9F84-492EF5B4B5E5\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102295\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0816\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1104\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1113\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3062\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1525195\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3575-1/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4213\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/102295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1525195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3575-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

BDU:2018-00519

Vulnerability from fstec - Published: 12.12.2017

Title

Уязвимость реализации VNC-сервера эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость реализации VNC-сервера эмулятора аппаратного обеспечения QEMU связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Fabrice Bellard, ООО «РусБИТех-Астра»

Software Name

QEMU, Astra Linux Special Edition (запись в едином реестре российских программ №369)

Software Version

до 2.11.0 включительно (QEMU), 1.6 «Смоленск» (Astra Linux Special Edition)

Possible Mitigations

ля QEMU: Обновление программного обеспечения до 2.11.1 или более поздней версии Использование рекомендаций: https://git.qemu.org/?p=qemu.git;a=patch;h=f887cf165db20f405cb8805c716bd363aaadf815 Для Astra Linux: Обновление программного обеспечения (пакета qemu) до 1:2.8+dfsg-6+deb9u4 или более поздней версии

Reference

https://bugzilla.redhat.com/show_bug.cgi?d=1525195 https://usn.ubuntu.com/3575-1/ https://git.qemu.org/?p=qemu.git;a=patch;h=f887cf165db20f405cb8805c716bd363aaadf815 https://www.openwall.com/lists/oss-security/2017/12/19/4 https://nvd.nist.gov/vuln/detail/CVE-2017-15124 https://security-tracker.debian.org/tracker/CVE-2017-15124

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Fabrice Bellard, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.11.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (QEMU), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u043b\u044f QEMU:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 2.11.1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://git.qemu.org/?p=qemu.git;a=patch;h=f887cf165db20f405cb8805c716bd363aaadf815\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 qemu) \u0434\u043e 1:2.8+dfsg-6+deb9u4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.12.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.04.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-00519",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-15124",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "QEMU, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 VNC-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 VNC-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f QEMU \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?d=1525195\nhttps://usn.ubuntu.com/3575-1/\nhttps://git.qemu.org/?p=qemu.git;a=patch;h=f887cf165db20f405cb8805c716bd363aaadf815\nhttps://www.openwall.com/lists/oss-security/2017/12/19/4\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15124\nhttps://security-tracker.debian.org/tracker/CVE-2017-15124",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CNVD-2018-03060

Vulnerability from cnvd - Published: 2018-02-09

Title

QEMU拒绝服务漏洞（CNVD-2018-03060）

Description

QEMU（又名Quick Emulator）是法国程序员法布里斯-贝拉（Fabrice Bellard）所研发的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 2.14.3之前的版本中的VNC server实现存在安全漏洞，该漏洞源于程序未能限制发送到客户端上帧缓存区更新。攻击者可利用该漏洞造成拒绝服务。

Severity

高

Patch Name

QEMU拒绝服务漏洞（CNVD-2018-03060）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.qemu.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-15124

Impacted products

Name
QEMU QEMU <2.14.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102295"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15124",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15124"
    }
  },
  "description": "QEMU\uff08\u53c8\u540dQuick Emulator\uff09\u662f\u6cd5\u56fd\u7a0b\u5e8f\u5458\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nQEMU 2.14.3\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684VNC server\u5b9e\u73b0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9650\u5236\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u4e0a\u5e27\u7f13\u5b58\u533a\u66f4\u65b0\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.qemu.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-03060",
  "openTime": "2018-02-09",
  "patchDescription": "QEMU\uff08\u53c8\u540dQuick Emulator\uff09\u662f\u6cd5\u56fd\u7a0b\u5e8f\u5458\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nQEMU 2.14.3\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684VNC server\u5b9e\u73b0\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9650\u5236\u53d1\u9001\u5230\u5ba2\u6237\u7aef\u4e0a\u5e27\u7f13\u5b58\u533a\u66f4\u65b0\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "QEMU\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-03060\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "QEMU QEMU \u003c2.14.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-05",
  "title": "QEMU\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2018-03060\uff09"
}

FKIE_CVE-2017-15124

Vulnerability from fkie_nvd - Published: 2018-01-09 21:29 - Updated: 2024-11-21 03:14

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/102295
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:0816
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:1104
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:1113
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:3062
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1525195	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://usn.ubuntu.com/3575-1/
secalert@redhat.com	https://www.debian.org/security/2018/dsa-4213
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102295
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0816
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:1104
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:1113
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:3062
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1525195	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3575-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4213

Impacted products

	Vendor	Product	Version
	qemu	qemu	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D424025B-4108-494F-9F84-492EF5B4B5E5",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que la implementaci\u00f3n del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignaci\u00f3n de memoria sin enlazar, ya que no limit\u00f3 las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. Un cliente VCN malicioso remoto podr\u00eda emplear este fallo para provocar DoS en el host del servidor."
    }
  ],
  "id": "CVE-2017-15124",
  "lastModified": "2024-11-21T03:14:07.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-09T21:29:00.343",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/102295"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-7HXC-FQ33-47VP

Vulnerability from github – Published: 2022-05-14 02:03 – Updated: 2022-05-14 02:03

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-15124"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-770"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-09T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
  "id": "GHSA-7hxc-fq33-47vp",
  "modified": "2022-05-14T02:03:26Z",
  "published": "2022-05-14T02:03:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2017-15124"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3575-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102295"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-15124

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2017-15124

Aliases

CVE-2017-15124

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-15124",
    "description": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
    "id": "GSD-2017-15124",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-15124.html",
      "https://www.debian.org/security/2018/dsa-4213",
      "https://access.redhat.com/errata/RHSA-2018:3062",
      "https://access.redhat.com/errata/RHSA-2018:1113",
      "https://access.redhat.com/errata/RHSA-2018:1104",
      "https://access.redhat.com/errata/RHSA-2018:0816",
      "https://ubuntu.com/security/CVE-2017-15124",
      "https://alas.aws.amazon.com/cve/html/CVE-2017-15124.html",
      "https://linux.oracle.com/cve/CVE-2017-15124.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-15124"
      ],
      "details": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
      "id": "GSD-2017-15124",
      "modified": "2023-12-13T01:20:58.761915Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2017-15124",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Qemu",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.11.0 and older"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "QEMU"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-770",
                "lang": "eng",
                "value": "CWE-770"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.securityfocus.com/bid/102295",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/102295"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2018:0816",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2018:0816"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2018:1104",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2018:1104"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2018:1113",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2018:1113"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2018:3062",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2018:3062"
          },
          {
            "name": "https://usn.ubuntu.com/3575-1/",
            "refsource": "MISC",
            "url": "https://usn.ubuntu.com/3575-1/"
          },
          {
            "name": "https://www.debian.org/security/2018/dsa-4213",
            "refsource": "MISC",
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.11.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-15124"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
            },
            {
              "name": "USN-3575-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/3575-1/"
            },
            {
              "name": "RHSA-2018:1104",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:1104"
            },
            {
              "name": "RHSA-2018:0816",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:0816"
            },
            {
              "name": "RHSA-2018:1113",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:1113"
            },
            {
              "name": "102295",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/102295"
            },
            {
              "name": "DSA-4213",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2018/dsa-4213"
            },
            {
              "name": "RHSA-2018:3062",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:3062"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-12T23:28Z",
      "publishedDate": "2018-01-09T21:29Z"
    }
  }
}

RHSA-2018:0816

Vulnerability from csaf_redhat - Published: 2018-04-10 08:47 - Updated: 2026-05-13 01:18

Summary

Red Hat Security Advisory: qemu-kvm security, bug fix, and enhancement update

Severity

Low

Notes

Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix(es): * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: Slirp: use-after-free when sending response (CVE-2017-13711) * Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124) * Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268) * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank David Buchanan for reporting CVE-2017-13672; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2017-13672

An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 24 products

Product	Version	Remediation
Unresolved product id: 7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-13711

A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.

3.4 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-416 - Use After Free

Affected products

Fixed 24 products

Product	Version	Remediation
Unresolved product id: 7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

3.5 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 24 products

Product	Version	Remediation
Unresolved product id: 7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15268

A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.

3.0 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 24 products

Product	Version	Remediation
Unresolved product id: 7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2018-5683

An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 24 products

Product	Version	Remediation
Unresolved product id: 7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

References

47 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:0816	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-US/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1411490	external
https://bugzilla.redhat.com/show_bug.cgi?id=1417864	external
https://bugzilla.redhat.com/show_bug.cgi?id=1435352	external
https://bugzilla.redhat.com/show_bug.cgi?id=1450396	external
https://bugzilla.redhat.com/show_bug.cgi?id=1455451	external
https://bugzilla.redhat.com/show_bug.cgi?id=1459725	external
https://bugzilla.redhat.com/show_bug.cgi?id=1460872	external
https://bugzilla.redhat.com/show_bug.cgi?id=1461672	external
https://bugzilla.redhat.com/show_bug.cgi?id=1470244	external
https://bugzilla.redhat.com/show_bug.cgi?id=1473536	external
https://bugzilla.redhat.com/show_bug.cgi?id=1476641	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486400	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486560	external
https://bugzilla.redhat.com/show_bug.cgi?id=1491434	external
https://bugzilla.redhat.com/show_bug.cgi?id=1492559	external
https://bugzilla.redhat.com/show_bug.cgi?id=1494181	external
https://bugzilla.redhat.com/show_bug.cgi?id=1496879	external
https://bugzilla.redhat.com/show_bug.cgi?id=1511802	external
https://bugzilla.redhat.com/show_bug.cgi?id=1520793	external
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	external
https://bugzilla.redhat.com/show_bug.cgi?id=1530356	external
https://bugzilla.redhat.com/show_bug.cgi?id=1536883	external
https://bugzilla.redhat.com/show_bug.cgi?id=1538866	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2017-13672	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486560	external
https://www.cve.org/CVERecord?id=CVE-2017-13672	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13672	external
https://access.redhat.com/security/cve/CVE-2017-13711	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486400	external
https://www.cve.org/CVERecord?id=CVE-2017-13711	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13711	external
https://access.redhat.com/security/cve/CVE-2017-15124	self
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	external
https://www.cve.org/CVERecord?id=CVE-2017-15124	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15124	external
https://access.redhat.com/security/cve/CVE-2017-15268	self
https://bugzilla.redhat.com/show_bug.cgi?id=1496879	external
https://www.cve.org/CVERecord?id=CVE-2017-15268	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15268	external
https://access.redhat.com/security/cve/CVE-2018-5683	self
https://bugzilla.redhat.com/show_bug.cgi?id=1530356	external
https://www.cve.org/CVERecord?id=CVE-2018-5683	external
https://nvd.nist.gov/vuln/detail/CVE-2018-5683	external

Acknowledgments

David Buchanan

Tencent.com Wjjzhang

Red Hat Daniel Berrange

Jiang Xin Lin ZheCheng

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)\n\n* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)\n\n* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Buchanan for reporting CVE-2017-13672; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0816",
        "url": "https://access.redhat.com/errata/RHSA-2018:0816"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html",
        "url": "https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/html/7.5_release_notes/index.html"
      },
      {
        "category": "external",
        "summary": "1411490",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411490"
      },
      {
        "category": "external",
        "summary": "1417864",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417864"
      },
      {
        "category": "external",
        "summary": "1435352",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1435352"
      },
      {
        "category": "external",
        "summary": "1450396",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450396"
      },
      {
        "category": "external",
        "summary": "1455451",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455451"
      },
      {
        "category": "external",
        "summary": "1459725",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459725"
      },
      {
        "category": "external",
        "summary": "1460872",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460872"
      },
      {
        "category": "external",
        "summary": "1461672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461672"
      },
      {
        "category": "external",
        "summary": "1470244",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470244"
      },
      {
        "category": "external",
        "summary": "1473536",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473536"
      },
      {
        "category": "external",
        "summary": "1476641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1476641"
      },
      {
        "category": "external",
        "summary": "1486400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
      },
      {
        "category": "external",
        "summary": "1486560",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
      },
      {
        "category": "external",
        "summary": "1491434",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491434"
      },
      {
        "category": "external",
        "summary": "1492559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492559"
      },
      {
        "category": "external",
        "summary": "1494181",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494181"
      },
      {
        "category": "external",
        "summary": "1496879",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1496879"
      },
      {
        "category": "external",
        "summary": "1511802",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511802"
      },
      {
        "category": "external",
        "summary": "1520793",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520793"
      },
      {
        "category": "external",
        "summary": "1525195",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
      },
      {
        "category": "external",
        "summary": "1530356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530356"
      },
      {
        "category": "external",
        "summary": "1536883",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536883"
      },
      {
        "category": "external",
        "summary": "1538866",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538866"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0816.json"
      }
    ],
    "title": "Red Hat Security Advisory: qemu-kvm security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-13T01:18:08+00:00",
      "generator": {
        "date": "2026-05-13T01:18:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.9"
        }
      },
      "id": "RHSA-2018:0816",
      "initial_release_date": "2018-04-10T08:47:03+00:00",
      "revision_history": [
        {
          "date": "2018-04-10T08:47:03+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-04-10T08:47:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-13T01:18:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                  "product_id": "7ComputeNode-optional-7.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
                  "product_id": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common@1.5.3-156.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
                  "product_id": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-debuginfo@1.5.3-156.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
                  "product_id": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools@1.5.3-156.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-10:1.5.3-156.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-10:1.5.3-156.el7.x86_64",
                  "product_id": "qemu-kvm-10:1.5.3-156.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm@1.5.3-156.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-img-10:1.5.3-156.el7.x86_64",
                "product": {
                  "name": "qemu-img-10:1.5.3-156.el7.x86_64",
                  "product_id": "qemu-img-10:1.5.3-156.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img@1.5.3-156.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-10:1.5.3-156.el7.src",
                "product": {
                  "name": "qemu-kvm-10:1.5.3-156.el7.src",
                  "product_id": "qemu-kvm-10:1.5.3-156.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm@1.5.3-156.el7?arch=src\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-img-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Client-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.src",
        "relates_to_product_reference": "7Client-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Client-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Client-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Client-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Client-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-img-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.src",
        "relates_to_product_reference": "7ComputeNode-optional-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
          "product_id": "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-optional-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-img-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Server-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.src",
        "relates_to_product_reference": "7Server-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Server-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Server-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Server-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Server-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-img-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.src",
        "relates_to_product_reference": "7Workstation-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "David Buchanan"
          ]
        }
      ],
      "cve": "CVE-2017-13672",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-08-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486560"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: vga: OOB read access during display update",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13672"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486560",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13672"
        }
      ],
      "release_date": "2017-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T08:47:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: vga: OOB read access during display update"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Wjjzhang"
          ],
          "organization": "Tencent.com"
        }
      ],
      "cve": "CVE-2017-13711",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2017-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: Slirp: use-after-free when sending response",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13711"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13711",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13711",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13711"
        }
      ],
      "release_date": "2017-08-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T08:47:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: Slirp: use-after-free when sending response"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Daniel Berrange"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15124",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2017-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525195"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: memory exhaustion through framebuffer update request message in VNC server",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15124"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525195",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124"
        }
      ],
      "release_date": "2017-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T08:47:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Qemu: memory exhaustion through framebuffer update request message in VNC server"
    },
    {
      "cve": "CVE-2017-15268",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2017-09-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1496879"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: I/O: potential memory exhaustion via websock connection to VNC",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15268"
        },
        {
          "category": "external",
          "summary": "RHBZ#1496879",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1496879"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15268",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15268"
        }
      ],
      "release_date": "2017-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T08:47:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: I/O: potential memory exhaustion via websock connection to VNC"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jiang Xin",
            "Lin ZheCheng"
          ]
        }
      ],
      "cve": "CVE-2018-5683",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-12-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1530356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: Out-of-bounds read in vga_draw_text routine",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
          "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
          "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "RHBZ#1530356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683"
        }
      ],
      "release_date": "2017-12-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T08:47:03+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Client-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Client-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Client-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7ComputeNode-optional-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7ComputeNode-optional-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Server-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Server-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-img-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.src",
            "7Workstation-7.5:qemu-kvm-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-common-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-debuginfo-10:1.5.3-156.el7.x86_64",
            "7Workstation-7.5:qemu-kvm-tools-10:1.5.3-156.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Qemu: Out-of-bounds read in vga_draw_text routine"
    }
  ]
}

RHSA-2018:1104

Vulnerability from csaf_redhat - Published: 2018-04-10 18:54 - Updated: 2026-05-13 01:18

Summary

Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update

Severity

Important

Notes

Topic: An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.10.0). (BZ#1470749) Security Fix(es): * Qemu: stack buffer overflow in NBD server triggered via long export name (CVE-2017-15118) * Qemu: DoS via large option request (CVE-2017-15119) * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: vga: reachable assert failure during display update (CVE-2017-13673) * Qemu: Slirp: use-after-free when sending response (CVE-2017-13711) * Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124) * Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268) * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15118 and CVE-2017-15119 issues were discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).

CVE-2017-13672

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-13673

An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service.

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-617 - Reachable Assertion

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-13711

3.4 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-416 - Use After Free

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, allowing causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

8.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-121 - Stack-based Buffer Overflow

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2017-15119

The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.

5.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2017-15124

3.5 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15268

3.0 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2018-5683

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

References

160 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:1104	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1139507	external
https://bugzilla.redhat.com/show_bug.cgi?id=1178472	external
https://bugzilla.redhat.com/show_bug.cgi?id=1212715	external
https://bugzilla.redhat.com/show_bug.cgi?id=1213786	external
https://bugzilla.redhat.com/show_bug.cgi?id=1285044	external
https://bugzilla.redhat.com/show_bug.cgi?id=1305398	external
https://bugzilla.redhat.com/show_bug.cgi?id=1320114	external
https://bugzilla.redhat.com/show_bug.cgi?id=1344299	external
https://bugzilla.redhat.com/show_bug.cgi?id=1372583	external
https://bugzilla.redhat.com/show_bug.cgi?id=1378241	external
https://bugzilla.redhat.com/show_bug.cgi?id=1390346	external
https://bugzilla.redhat.com/show_bug.cgi?id=1390348	external
https://bugzilla.redhat.com/show_bug.cgi?id=1398633	external
https://bugzilla.redhat.com/show_bug.cgi?id=1406803	external
https://bugzilla.redhat.com/show_bug.cgi?id=1414049	external
https://bugzilla.redhat.com/show_bug.cgi?id=1433670	external
https://bugzilla.redhat.com/show_bug.cgi?id=1434321	external
https://bugzilla.redhat.com/show_bug.cgi?id=1437113	external
https://bugzilla.redhat.com/show_bug.cgi?id=1441460	external
https://bugzilla.redhat.com/show_bug.cgi?id=1441684	external
https://bugzilla.redhat.com/show_bug.cgi?id=1441938	external
https://bugzilla.redhat.com/show_bug.cgi?id=1443877	external
https://bugzilla.redhat.com/show_bug.cgi?id=1445834	external
https://bugzilla.redhat.com/show_bug.cgi?id=1446565	external
https://bugzilla.redhat.com/show_bug.cgi?id=1447258	external
https://bugzilla.redhat.com/show_bug.cgi?id=1447413	external
https://bugzilla.redhat.com/show_bug.cgi?id=1448344	external
https://bugzilla.redhat.com/show_bug.cgi?id=1449067	external
https://bugzilla.redhat.com/show_bug.cgi?id=1449609	external
https://bugzilla.redhat.com/show_bug.cgi?id=1449991	external
https://bugzilla.redhat.com/show_bug.cgi?id=1451015	external
https://bugzilla.redhat.com/show_bug.cgi?id=1451189	external
https://bugzilla.redhat.com/show_bug.cgi?id=1451269	external
https://bugzilla.redhat.com/show_bug.cgi?id=1453167	external
https://bugzilla.redhat.com/show_bug.cgi?id=1454362	external
https://bugzilla.redhat.com/show_bug.cgi?id=1454367	external
https://bugzilla.redhat.com/show_bug.cgi?id=1455074	external
https://bugzilla.redhat.com/show_bug.cgi?id=1457662	external
https://bugzilla.redhat.com/show_bug.cgi?id=1459906	external
https://bugzilla.redhat.com/show_bug.cgi?id=1459945	external
https://bugzilla.redhat.com/show_bug.cgi?id=1460119	external
https://bugzilla.redhat.com/show_bug.cgi?id=1460595	external
https://bugzilla.redhat.com/show_bug.cgi?id=1460848	external
https://bugzilla.redhat.com/show_bug.cgi?id=1462145	external
https://bugzilla.redhat.com/show_bug.cgi?id=1463172	external
https://bugzilla.redhat.com/show_bug.cgi?id=1464908	external
https://bugzilla.redhat.com/show_bug.cgi?id=1465799	external
https://bugzilla.redhat.com/show_bug.cgi?id=1468260	external
https://bugzilla.redhat.com/show_bug.cgi?id=1470634	external
https://bugzilla.redhat.com/show_bug.cgi?id=1472756	external
https://bugzilla.redhat.com/show_bug.cgi?id=1474464	external
https://bugzilla.redhat.com/show_bug.cgi?id=1475634	external
https://bugzilla.redhat.com/show_bug.cgi?id=1476121	external
https://bugzilla.redhat.com/show_bug.cgi?id=1481593	external
https://bugzilla.redhat.com/show_bug.cgi?id=1482478	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486400	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486560	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486588	external
https://bugzilla.redhat.com/show_bug.cgi?id=1489670	external
https://bugzilla.redhat.com/show_bug.cgi?id=1489800	external
https://bugzilla.redhat.com/show_bug.cgi?id=1491909	external
https://bugzilla.redhat.com/show_bug.cgi?id=1492178	external
https://bugzilla.redhat.com/show_bug.cgi?id=1492295	external
https://bugzilla.redhat.com/show_bug.cgi?id=1495090	external
https://bugzilla.redhat.com/show_bug.cgi?id=1495456	external
https://bugzilla.redhat.com/show_bug.cgi?id=1496879	external
https://bugzilla.redhat.com/show_bug.cgi?id=1497120	external
https://bugzilla.redhat.com/show_bug.cgi?id=1497137	external
https://bugzilla.redhat.com/show_bug.cgi?id=1497740	external
https://bugzilla.redhat.com/show_bug.cgi?id=1498042	external
https://bugzilla.redhat.com/show_bug.cgi?id=1498496	external
https://bugzilla.redhat.com/show_bug.cgi?id=1498754	external
https://bugzilla.redhat.com/show_bug.cgi?id=1498817	external
https://bugzilla.redhat.com/show_bug.cgi?id=1498865	external
https://bugzilla.redhat.com/show_bug.cgi?id=1499011	external
https://bugzilla.redhat.com/show_bug.cgi?id=1499647	external
https://bugzilla.redhat.com/show_bug.cgi?id=1500181	external
https://bugzilla.redhat.com/show_bug.cgi?id=1500334	external
https://bugzilla.redhat.com/show_bug.cgi?id=1501240	external
https://bugzilla.redhat.com/show_bug.cgi?id=1501337	external
https://bugzilla.redhat.com/show_bug.cgi?id=1501468	external
https://bugzilla.redhat.com/show_bug.cgi?id=1502949	external
https://bugzilla.redhat.com/show_bug.cgi?id=1505654	external
https://bugzilla.redhat.com/show_bug.cgi?id=1505696	external
https://bugzilla.redhat.com/show_bug.cgi?id=1505701	external
https://bugzilla.redhat.com/show_bug.cgi?id=1506151	external
https://bugzilla.redhat.com/show_bug.cgi?id=1506531	external
https://bugzilla.redhat.com/show_bug.cgi?id=1506882	external
https://bugzilla.redhat.com/show_bug.cgi?id=1507693	external
https://bugzilla.redhat.com/show_bug.cgi?id=1508271	external
https://bugzilla.redhat.com/show_bug.cgi?id=1508799	external
https://bugzilla.redhat.com/show_bug.cgi?id=1508886	external
https://bugzilla.redhat.com/show_bug.cgi?id=1510809	external
https://bugzilla.redhat.com/show_bug.cgi?id=1511312	external
https://bugzilla.redhat.com/show_bug.cgi?id=1513870	external
https://bugzilla.redhat.com/show_bug.cgi?id=1515173	external
https://bugzilla.redhat.com/show_bug.cgi?id=1515393	external
https://bugzilla.redhat.com/show_bug.cgi?id=1515604	external
https://bugzilla.redhat.com/show_bug.cgi?id=1516922	external
https://bugzilla.redhat.com/show_bug.cgi?id=1516925	external
https://bugzilla.redhat.com/show_bug.cgi?id=1517144	external
https://bugzilla.redhat.com/show_bug.cgi?id=1518482	external
https://bugzilla.redhat.com/show_bug.cgi?id=1518649	external
https://bugzilla.redhat.com/show_bug.cgi?id=1519721	external
https://bugzilla.redhat.com/show_bug.cgi?id=1520294	external
https://bugzilla.redhat.com/show_bug.cgi?id=1520824	external
https://bugzilla.redhat.com/show_bug.cgi?id=1523414	external
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	external
https://bugzilla.redhat.com/show_bug.cgi?id=1525324	external
https://bugzilla.redhat.com/show_bug.cgi?id=1525868	external
https://bugzilla.redhat.com/show_bug.cgi?id=1526212	external
https://bugzilla.redhat.com/show_bug.cgi?id=1526423	external
https://bugzilla.redhat.com/show_bug.cgi?id=1528173	external
https://bugzilla.redhat.com/show_bug.cgi?id=1529053	external
https://bugzilla.redhat.com/show_bug.cgi?id=1529243	external
https://bugzilla.redhat.com/show_bug.cgi?id=1529676	external
https://bugzilla.redhat.com/show_bug.cgi?id=1530356	external
https://bugzilla.redhat.com/show_bug.cgi?id=1534491	external
https://bugzilla.redhat.com/show_bug.cgi?id=1535752	external
https://bugzilla.redhat.com/show_bug.cgi?id=1535992	external
https://bugzilla.redhat.com/show_bug.cgi?id=1538494	external
https://bugzilla.redhat.com/show_bug.cgi?id=1538953	external
https://bugzilla.redhat.com/show_bug.cgi?id=1540003	external
https://bugzilla.redhat.com/show_bug.cgi?id=1540182	external
https://bugzilla.redhat.com/show_bug.cgi?id=1542045	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2017-13672	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486560	external
https://www.cve.org/CVERecord?id=CVE-2017-13672	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13672	external
https://access.redhat.com/security/cve/CVE-2017-13673	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486588	external
https://www.cve.org/CVERecord?id=CVE-2017-13673	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13673	external
https://access.redhat.com/security/cve/CVE-2017-13711	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486400	external
https://www.cve.org/CVERecord?id=CVE-2017-13711	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13711	external
https://access.redhat.com/security/cve/CVE-2017-15118	self
https://bugzilla.redhat.com/show_bug.cgi?id=1516922	external
https://www.cve.org/CVERecord?id=CVE-2017-15118	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15118	external
https://access.redhat.com/security/cve/CVE-2017-15119	self
https://bugzilla.redhat.com/show_bug.cgi?id=1516925	external
https://www.cve.org/CVERecord?id=CVE-2017-15119	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15119	external
https://access.redhat.com/security/cve/CVE-2017-15124	self
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	external
https://www.cve.org/CVERecord?id=CVE-2017-15124	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15124	external
https://access.redhat.com/security/cve/CVE-2017-15268	self
https://bugzilla.redhat.com/show_bug.cgi?id=1496879	external
https://www.cve.org/CVERecord?id=CVE-2017-15268	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15268	external
https://access.redhat.com/security/cve/CVE-2018-5683	self
https://bugzilla.redhat.com/show_bug.cgi?id=1530356	external
https://www.cve.org/CVERecord?id=CVE-2018-5683	external
https://nvd.nist.gov/vuln/detail/CVE-2018-5683	external

Acknowledgments

David Buchanan

Tencent.com Wjjzhang

Red Hat Eric Blake

Red Hat Daniel Berrange

Jiang Xin Lin ZheCheng

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nThe following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.10.0). (BZ#1470749)\n\nSecurity Fix(es):\n\n* Qemu: stack buffer overflow in NBD server triggered via long export name (CVE-2017-15118)\n\n* Qemu: DoS via large option request (CVE-2017-15119)\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: vga: reachable assert failure during display update (CVE-2017-13673)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)\n\n* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)\n\n* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15118 and CVE-2017-15119 issues were discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1104",
        "url": "https://access.redhat.com/errata/RHSA-2018:1104"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1139507",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139507"
      },
      {
        "category": "external",
        "summary": "1178472",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1178472"
      },
      {
        "category": "external",
        "summary": "1212715",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212715"
      },
      {
        "category": "external",
        "summary": "1213786",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213786"
      },
      {
        "category": "external",
        "summary": "1285044",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285044"
      },
      {
        "category": "external",
        "summary": "1305398",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1305398"
      },
      {
        "category": "external",
        "summary": "1320114",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320114"
      },
      {
        "category": "external",
        "summary": "1344299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344299"
      },
      {
        "category": "external",
        "summary": "1372583",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372583"
      },
      {
        "category": "external",
        "summary": "1378241",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378241"
      },
      {
        "category": "external",
        "summary": "1390346",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390346"
      },
      {
        "category": "external",
        "summary": "1390348",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390348"
      },
      {
        "category": "external",
        "summary": "1398633",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398633"
      },
      {
        "category": "external",
        "summary": "1406803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406803"
      },
      {
        "category": "external",
        "summary": "1414049",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1414049"
      },
      {
        "category": "external",
        "summary": "1433670",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1433670"
      },
      {
        "category": "external",
        "summary": "1434321",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434321"
      },
      {
        "category": "external",
        "summary": "1437113",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437113"
      },
      {
        "category": "external",
        "summary": "1441460",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441460"
      },
      {
        "category": "external",
        "summary": "1441684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441684"
      },
      {
        "category": "external",
        "summary": "1441938",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441938"
      },
      {
        "category": "external",
        "summary": "1443877",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443877"
      },
      {
        "category": "external",
        "summary": "1445834",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445834"
      },
      {
        "category": "external",
        "summary": "1446565",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446565"
      },
      {
        "category": "external",
        "summary": "1447258",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447258"
      },
      {
        "category": "external",
        "summary": "1447413",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1447413"
      },
      {
        "category": "external",
        "summary": "1448344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448344"
      },
      {
        "category": "external",
        "summary": "1449067",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449067"
      },
      {
        "category": "external",
        "summary": "1449609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449609"
      },
      {
        "category": "external",
        "summary": "1449991",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449991"
      },
      {
        "category": "external",
        "summary": "1451015",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451015"
      },
      {
        "category": "external",
        "summary": "1451189",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451189"
      },
      {
        "category": "external",
        "summary": "1451269",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451269"
      },
      {
        "category": "external",
        "summary": "1453167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1453167"
      },
      {
        "category": "external",
        "summary": "1454362",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454362"
      },
      {
        "category": "external",
        "summary": "1454367",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454367"
      },
      {
        "category": "external",
        "summary": "1455074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1455074"
      },
      {
        "category": "external",
        "summary": "1457662",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457662"
      },
      {
        "category": "external",
        "summary": "1459906",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459906"
      },
      {
        "category": "external",
        "summary": "1459945",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459945"
      },
      {
        "category": "external",
        "summary": "1460119",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460119"
      },
      {
        "category": "external",
        "summary": "1460595",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460595"
      },
      {
        "category": "external",
        "summary": "1460848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1460848"
      },
      {
        "category": "external",
        "summary": "1462145",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462145"
      },
      {
        "category": "external",
        "summary": "1463172",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463172"
      },
      {
        "category": "external",
        "summary": "1464908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464908"
      },
      {
        "category": "external",
        "summary": "1465799",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465799"
      },
      {
        "category": "external",
        "summary": "1468260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468260"
      },
      {
        "category": "external",
        "summary": "1470634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470634"
      },
      {
        "category": "external",
        "summary": "1472756",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472756"
      },
      {
        "category": "external",
        "summary": "1474464",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474464"
      },
      {
        "category": "external",
        "summary": "1475634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475634"
      },
      {
        "category": "external",
        "summary": "1476121",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1476121"
      },
      {
        "category": "external",
        "summary": "1481593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481593"
      },
      {
        "category": "external",
        "summary": "1482478",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482478"
      },
      {
        "category": "external",
        "summary": "1486400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
      },
      {
        "category": "external",
        "summary": "1486560",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
      },
      {
        "category": "external",
        "summary": "1486588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486588"
      },
      {
        "category": "external",
        "summary": "1489670",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489670"
      },
      {
        "category": "external",
        "summary": "1489800",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489800"
      },
      {
        "category": "external",
        "summary": "1491909",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491909"
      },
      {
        "category": "external",
        "summary": "1492178",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492178"
      },
      {
        "category": "external",
        "summary": "1492295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492295"
      },
      {
        "category": "external",
        "summary": "1495090",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495090"
      },
      {
        "category": "external",
        "summary": "1495456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495456"
      },
      {
        "category": "external",
        "summary": "1496879",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1496879"
      },
      {
        "category": "external",
        "summary": "1497120",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1497120"
      },
      {
        "category": "external",
        "summary": "1497137",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1497137"
      },
      {
        "category": "external",
        "summary": "1497740",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1497740"
      },
      {
        "category": "external",
        "summary": "1498042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498042"
      },
      {
        "category": "external",
        "summary": "1498496",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498496"
      },
      {
        "category": "external",
        "summary": "1498754",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498754"
      },
      {
        "category": "external",
        "summary": "1498817",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498817"
      },
      {
        "category": "external",
        "summary": "1498865",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498865"
      },
      {
        "category": "external",
        "summary": "1499011",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499011"
      },
      {
        "category": "external",
        "summary": "1499647",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499647"
      },
      {
        "category": "external",
        "summary": "1500181",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500181"
      },
      {
        "category": "external",
        "summary": "1500334",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500334"
      },
      {
        "category": "external",
        "summary": "1501240",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501240"
      },
      {
        "category": "external",
        "summary": "1501337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501337"
      },
      {
        "category": "external",
        "summary": "1501468",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501468"
      },
      {
        "category": "external",
        "summary": "1502949",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502949"
      },
      {
        "category": "external",
        "summary": "1505654",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505654"
      },
      {
        "category": "external",
        "summary": "1505696",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505696"
      },
      {
        "category": "external",
        "summary": "1505701",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1505701"
      },
      {
        "category": "external",
        "summary": "1506151",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506151"
      },
      {
        "category": "external",
        "summary": "1506531",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506531"
      },
      {
        "category": "external",
        "summary": "1506882",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506882"
      },
      {
        "category": "external",
        "summary": "1507693",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1507693"
      },
      {
        "category": "external",
        "summary": "1508271",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508271"
      },
      {
        "category": "external",
        "summary": "1508799",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508799"
      },
      {
        "category": "external",
        "summary": "1508886",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508886"
      },
      {
        "category": "external",
        "summary": "1510809",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510809"
      },
      {
        "category": "external",
        "summary": "1511312",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511312"
      },
      {
        "category": "external",
        "summary": "1513870",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513870"
      },
      {
        "category": "external",
        "summary": "1515173",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515173"
      },
      {
        "category": "external",
        "summary": "1515393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515393"
      },
      {
        "category": "external",
        "summary": "1515604",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515604"
      },
      {
        "category": "external",
        "summary": "1516922",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516922"
      },
      {
        "category": "external",
        "summary": "1516925",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516925"
      },
      {
        "category": "external",
        "summary": "1517144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517144"
      },
      {
        "category": "external",
        "summary": "1518482",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518482"
      },
      {
        "category": "external",
        "summary": "1518649",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518649"
      },
      {
        "category": "external",
        "summary": "1519721",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519721"
      },
      {
        "category": "external",
        "summary": "1520294",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520294"
      },
      {
        "category": "external",
        "summary": "1520824",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520824"
      },
      {
        "category": "external",
        "summary": "1523414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523414"
      },
      {
        "category": "external",
        "summary": "1525195",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
      },
      {
        "category": "external",
        "summary": "1525324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525324"
      },
      {
        "category": "external",
        "summary": "1525868",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525868"
      },
      {
        "category": "external",
        "summary": "1526212",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526212"
      },
      {
        "category": "external",
        "summary": "1526423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526423"
      },
      {
        "category": "external",
        "summary": "1528173",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528173"
      },
      {
        "category": "external",
        "summary": "1529053",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529053"
      },
      {
        "category": "external",
        "summary": "1529243",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529243"
      },
      {
        "category": "external",
        "summary": "1529676",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1529676"
      },
      {
        "category": "external",
        "summary": "1530356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530356"
      },
      {
        "category": "external",
        "summary": "1534491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534491"
      },
      {
        "category": "external",
        "summary": "1535752",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535752"
      },
      {
        "category": "external",
        "summary": "1535992",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535992"
      },
      {
        "category": "external",
        "summary": "1538494",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538494"
      },
      {
        "category": "external",
        "summary": "1538953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538953"
      },
      {
        "category": "external",
        "summary": "1540003",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540003"
      },
      {
        "category": "external",
        "summary": "1540182",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540182"
      },
      {
        "category": "external",
        "summary": "1542045",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542045"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1104.json"
      }
    ],
    "title": "Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-13T01:18:08+00:00",
      "generator": {
        "date": "2026-05-13T01:18:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.9"
        }
      },
      "id": "RHSA-2018:1104",
      "initial_release_date": "2018-04-10T18:54:38+00:00",
      "revision_history": [
        {
          "date": "2018-04-10T18:54:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-04-10T18:54:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-13T01:18:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                "product": {
                  "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                  "product_id": "7Server-RHEV-4-Agents-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7?arch=src\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "David Buchanan"
          ]
        }
      ],
      "cve": "CVE-2017-13672",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-08-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486560"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: vga: OOB read access during display update",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13672"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486560",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13672"
        }
      ],
      "release_date": "2017-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: vga: OOB read access during display update"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Buchanan"
          ]
        }
      ],
      "cve": "CVE-2017-13673",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "discovery_date": "2017-08-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486588"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: VGA: reachable assert failure during display update",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13673"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486588",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486588"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13673"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13673",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13673"
        }
      ],
      "release_date": "2017-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: VGA: reachable assert failure during display update"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Wjjzhang"
          ],
          "organization": "Tencent.com"
        }
      ],
      "cve": "CVE-2017-13711",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2017-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: Slirp: use-after-free when sending response",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13711"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13711",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13711",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13711"
        }
      ],
      "release_date": "2017-08-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: Slirp: use-after-free when sending response"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Eric Blake"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15118",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2017-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1516922"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, allowing causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: stack buffer overflow in NBD server triggered via long export name",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15118"
        },
        {
          "category": "external",
          "summary": "RHBZ#1516922",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516922"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15118"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15118",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15118"
        }
      ],
      "release_date": "2017-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Qemu: stack buffer overflow in NBD server triggered via long export name"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Eric Blake"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15119",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2017-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1516925"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qemu: DoS via large option request",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15119"
        },
        {
          "category": "external",
          "summary": "RHBZ#1516925",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516925"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15119"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15119",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15119"
        }
      ],
      "release_date": "2017-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "qemu: DoS via large option request"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Daniel Berrange"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15124",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2017-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525195"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: memory exhaustion through framebuffer update request message in VNC server",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15124"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525195",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124"
        }
      ],
      "release_date": "2017-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Qemu: memory exhaustion through framebuffer update request message in VNC server"
    },
    {
      "cve": "CVE-2017-15268",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2017-09-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1496879"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: I/O: potential memory exhaustion via websock connection to VNC",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15268"
        },
        {
          "category": "external",
          "summary": "RHBZ#1496879",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1496879"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15268",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15268"
        }
      ],
      "release_date": "2017-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: I/O: potential memory exhaustion via websock connection to VNC"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jiang Xin",
            "Lin ZheCheng"
          ]
        }
      ],
      "cve": "CVE-2018-5683",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-12-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1530356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: Out-of-bounds read in vga_draw_text routine",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "RHBZ#1530356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683"
        }
      ],
      "release_date": "2017-12-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-10T18:54:38+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Qemu: Out-of-bounds read in vga_draw_text routine"
    }
  ]
}

RHSA-2018:1113

Vulnerability from csaf_redhat - Published: 2018-04-11 17:52 - Updated: 2026-05-13 01:18

Summary

Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update

Severity

Moderate

Notes

Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton), Red Hat OpenStack Platform 11.0 (Ocata), Red Hat OpenStack Platform 12.0 (Pike), Red Hat OpenStack Platform 8.0 (Liberty), and Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. (CVE-2017-15119) * Qemu: vga: OOB read access during display update (CVE-2017-13672) * Qemu: vga: reachable assert failure during display update (CVE-2017-13673) * Qemu: Slirp: use-after-free when sending response (CVE-2017-13711) * VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. (CVE-2017-15124) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673 and Wjjzhang (Tencent.com) for reporting CVE-2017-13711. The CVE-2017-15119 issue was discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).

CVE-2017-13672

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-13673

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-617 - Reachable Assertion

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-13711

3.4 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-416 - Use After Free

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15118

8.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE-121 - Stack-based Buffer Overflow

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2017-15119

5.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15124

3.5 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2017-15268

3.0 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

CVE-2018-5683

3.0 (Low)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

References

45 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:1113	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486400	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486560	external
https://bugzilla.redhat.com/show_bug.cgi?id=1486588	external
https://bugzilla.redhat.com/show_bug.cgi?id=1516925	external
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	external
https://bugzilla.redhat.com/show_bug.cgi?id=1549860	external
https://bugzilla.redhat.com/show_bug.cgi?id=1553107	external
https://bugzilla.redhat.com/show_bug.cgi?id=1557010	external
https://bugzilla.redhat.com/show_bug.cgi?id=1557011	external
https://bugzilla.redhat.com/show_bug.cgi?id=1562826	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2017-13672	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486560	external
https://www.cve.org/CVERecord?id=CVE-2017-13672	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13672	external
https://access.redhat.com/security/cve/CVE-2017-13673	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486588	external
https://www.cve.org/CVERecord?id=CVE-2017-13673	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13673	external
https://access.redhat.com/security/cve/CVE-2017-13711	self
https://bugzilla.redhat.com/show_bug.cgi?id=1486400	external
https://www.cve.org/CVERecord?id=CVE-2017-13711	external
https://nvd.nist.gov/vuln/detail/CVE-2017-13711	external
https://access.redhat.com/security/cve/CVE-2017-15118	self
https://bugzilla.redhat.com/show_bug.cgi?id=1516922	external
https://www.cve.org/CVERecord?id=CVE-2017-15118	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15118	external
https://access.redhat.com/security/cve/CVE-2017-15119	self
https://bugzilla.redhat.com/show_bug.cgi?id=1516925	external
https://www.cve.org/CVERecord?id=CVE-2017-15119	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15119	external
https://access.redhat.com/security/cve/CVE-2017-15124	self
https://bugzilla.redhat.com/show_bug.cgi?id=1525195	external
https://www.cve.org/CVERecord?id=CVE-2017-15124	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15124	external
https://access.redhat.com/security/cve/CVE-2017-15268	self
https://bugzilla.redhat.com/show_bug.cgi?id=1496879	external
https://www.cve.org/CVERecord?id=CVE-2017-15268	external
https://nvd.nist.gov/vuln/detail/CVE-2017-15268	external
https://access.redhat.com/security/cve/CVE-2018-5683	self
https://bugzilla.redhat.com/show_bug.cgi?id=1530356	external
https://www.cve.org/CVERecord?id=CVE-2018-5683	external
https://nvd.nist.gov/vuln/detail/CVE-2018-5683	external

Acknowledgments

David Buchanan

Tencent.com Wjjzhang

Red Hat Eric Blake

Red Hat Daniel Berrange

Jiang Xin Lin ZheCheng

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton), Red Hat OpenStack Platform 11.0 (Ocata), Red Hat OpenStack Platform 12.0 (Pike), Red Hat OpenStack Platform 8.0 (Liberty), and Red Hat OpenStack Platform 9.0 (Mitaka).\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. (CVE-2017-15119)\n\n* Qemu: vga: OOB read access during display update (CVE-2017-13672)\n\n* Qemu: vga: reachable assert failure during display update (CVE-2017-13673)\n\n* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)\n\n* VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. (CVE-2017-15124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673 and Wjjzhang (Tencent.com) for reporting CVE-2017-13711. The CVE-2017-15119 issue was discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1113",
        "url": "https://access.redhat.com/errata/RHSA-2018:1113"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1486400",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
      },
      {
        "category": "external",
        "summary": "1486560",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
      },
      {
        "category": "external",
        "summary": "1486588",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486588"
      },
      {
        "category": "external",
        "summary": "1516925",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516925"
      },
      {
        "category": "external",
        "summary": "1525195",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
      },
      {
        "category": "external",
        "summary": "1549860",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549860"
      },
      {
        "category": "external",
        "summary": "1553107",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553107"
      },
      {
        "category": "external",
        "summary": "1557010",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557010"
      },
      {
        "category": "external",
        "summary": "1557011",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557011"
      },
      {
        "category": "external",
        "summary": "1562826",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1562826"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1113.json"
      }
    ],
    "title": "Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update",
    "tracking": {
      "current_release_date": "2026-05-13T01:18:09+00:00",
      "generator": {
        "date": "2026-05-13T01:18:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.9"
        }
      },
      "id": "RHSA-2018:1113",
      "initial_release_date": "2018-04-11T17:52:02+00:00",
      "revision_history": [
        {
          "date": "2018-04-11T17:52:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-04-11T17:52:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-13T01:18:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 10.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 10.0",
                  "product_id": "7Server-RH7-RHOS-10.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:10::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 11.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 11.0",
                  "product_id": "7Server-RH7-RHOS-11.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:11::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 8.0 (Liberty)",
                "product": {
                  "name": "Red Hat OpenStack Platform 8.0 (Liberty)",
                  "product_id": "7Server-RH7-RHOS-8.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:8::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 9.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 9.0",
                  "product_id": "7Server-RH7-RHOS-9.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:9::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 12.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 12.0",
                  "product_id": "7Server-RH7-RHOS-12.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:12::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7?arch=x86_64\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7?arch=src\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7?arch=ppc64le\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 11.0",
          "product_id": "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-11.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 11.0",
          "product_id": "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-11.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src as a component of Red Hat OpenStack Platform 11.0",
          "product_id": "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-11.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 11.0",
          "product_id": "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-11.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 11.0",
          "product_id": "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-11.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 11.0",
          "product_id": "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-11.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
          "product_id": "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
          "product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
          "product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
          "product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
          "product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 8.0 (Liberty)",
          "product_id": "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-8.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
          "product_id": "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
          "product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.src as a component of Red Hat OpenStack Platform 9.0",
          "product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
          "product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
          "product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-9.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64 as a component of Red Hat OpenStack Platform 9.0",
          "product_id": "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-9.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "David Buchanan"
          ]
        }
      ],
      "cve": "CVE-2017-13672",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-08-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486560"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: vga: OOB read access during display update",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13672"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486560",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13672"
        }
      ],
      "release_date": "2017-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: vga: OOB read access during display update"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Buchanan"
          ]
        }
      ],
      "cve": "CVE-2017-13673",
      "cwe": {
        "id": "CWE-617",
        "name": "Reachable Assertion"
      },
      "discovery_date": "2017-08-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486588"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: VGA: reachable assert failure during display update",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13673"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486588",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486588"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13673"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13673",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13673"
        }
      ],
      "release_date": "2017-08-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: VGA: reachable assert failure during display update"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Wjjzhang"
          ],
          "organization": "Tencent.com"
        }
      ],
      "cve": "CVE-2017-13711",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2017-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1486400"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: Slirp: use-after-free when sending response",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-13711"
        },
        {
          "category": "external",
          "summary": "RHBZ#1486400",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-13711",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13711",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13711"
        }
      ],
      "release_date": "2017-08-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: Slirp: use-after-free when sending response"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Eric Blake"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15118",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "discovery_date": "2017-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1516922"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, allowing causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: stack buffer overflow in NBD server triggered via long export name",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15118"
        },
        {
          "category": "external",
          "summary": "RHBZ#1516922",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516922"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15118",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15118"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15118",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15118"
        }
      ],
      "release_date": "2017-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Qemu: stack buffer overflow in NBD server triggered via long export name"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Eric Blake"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15119",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2017-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1516925"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Network Block Device (NBD) server in Quick Emulator (QEMU), is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qemu: DoS via large option request",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15119"
        },
        {
          "category": "external",
          "summary": "RHBZ#1516925",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516925"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15119"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15119",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15119"
        }
      ],
      "release_date": "2017-11-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "qemu: DoS via large option request"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Daniel Berrange"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2017-15124",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2017-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525195"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: memory exhaustion through framebuffer update request message in VNC server",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15124"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525195",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15124",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15124"
        }
      ],
      "release_date": "2017-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Qemu: memory exhaustion through framebuffer update request message in VNC server"
    },
    {
      "cve": "CVE-2017-15268",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2017-09-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1496879"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: I/O: potential memory exhaustion via websock connection to VNC",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15268"
        },
        {
          "category": "external",
          "summary": "RHBZ#1496879",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1496879"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15268",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15268"
        }
      ],
      "release_date": "2017-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "QEMU: I/O: potential memory exhaustion via websock connection to VNC"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jiang Xin",
            "Lin ZheCheng"
          ]
        }
      ],
      "cve": "CVE-2018-5683",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2017-12-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1530356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Qemu: Out-of-bounds read in vga_draw_text routine",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
          "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "RHBZ#1530356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-5683",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5683"
        }
      ],
      "release_date": "2017-12-25T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-04-11T17:52:02+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1113"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.0,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-11.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-8.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-img-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-common-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.src",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7.x86_64",
            "7Server-RH7-RHOS-9.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Qemu: Out-of-bounds read in vga_draw_text routine"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-15124 (GCVE-0-2017-15124)

Solution

Solution

Tags

Sightings

Nomenclature