CVE-2017-18030 — Out-of-bounds Read in Qemu

CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 71.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedJan 23

Latest updateMay 13

Description

The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/qemu< qemu 1:2.8+dfsg-4 (bookworm)

▶Debianqemu/qemu< 1:2.8+dfsg-4+3

▶NVDqemu/qemu2.8.1.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-8v4h-p9x9-5mm5: The cirrus_invalidate_region function in hw/display/cirrus_vga↗2022-05-13

▶

OSV

CVE-2017-18030: The cirrus_invalidate_region function in hw/display/cirrus_vga↗2018-01-23

▶

📋Vendor Advisories

Red Hat

Qemu: Out-of-bounds access in cirrus_invalidate_region routine↗2017-01-25

▶

Debian

CVE-2017-18030: qemu - The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows ...↗2017

▶

💬Community

Bugzilla

CVE-2017-18030 xen: qemu: Out-of-bounds read in cirrus_invalidate_region function in hw/vga/cirrus_vga.c [fedora-all]↗2018-01-15

▶

Bugzilla

CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine↗2018-01-02

▶