CVE-2017-2615 vulnerability in QEMU and Other Products
Published on July 3, 2018

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2017-2615 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2017-2615

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-2615 are published in these products:

QEMU

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Server Aus

Citrix Xen Server

Citrix Xen Xen

Red Hat Enterprise Linux Server

Red Hat Openstack

Debian Linux

Red Hat Enterprise Linux Server Eus

Affected Versions

qemu display Version n/a is affected by CVE-2017-2615

Exploit Probability

EPSS

1.01%

Percentile

76.79%