CVE-2017-7718Out-of-bounds Read in Qemu

CWE-125Out-of-bounds Read11 documents8 sources
Severity
5.5MEDIUMNVD
OSV6.0
EPSS
0.1%
top 67.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
QemuDebian QemuDebian Linux+1 more
Timeline
PublishedApr 20
Latest updateMay 13

Description

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/qemu< qemu 1:2.8+dfsg-4 (bookworm)
Debianqemu/qemu< 1:2.8+dfsg-4+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.34+1
NVDqemu/qemu2.8.1.1+1

Also affects: Debian Linux 8.0

Patches

Patch: www.openwall.comPatch: bugzilla.redhat.comPatch: www.openwall.com

🔴Vulnerability Details

3
GHSA
GHSA-grqv-x6q8-x92g: hw/display/cirrus_vga_rop2022-05-13
OSV
qemu vulnerabilities2017-05-16
OSV
CVE-2017-7718: hw/display/cirrus_vga_rop2017-04-20

📋Vendor Advisories

4
Ubuntu
QEMU vulnerabilities2017-05-16
Microsoft
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying 2017-04-11
Red Hat
Qemu: display: cirrus: OOB read access issue2017-03-14
Debian
CVE-2017-7718: qemu - hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS p...2017

💬Community

3
Bugzilla
CVE-2017-7718 Qemu: display: cirrus: OOB read access issue [fedora-all]2017-04-19
Bugzilla
CVE-2017-7718 xen: Qemu: display: cirrus: OOB read access issue [fedora-all]2017-04-19
Bugzilla
CVE-2017-7718 Qemu: display: cirrus: OOB read access issue2017-04-19