PT-2017-17904 · Qemu+5

Published: 2017-04-20 · Updated: 2020-11-10 · CVE-2017-7718

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

QEMU (aka Quick Emulator) (affected versions not specified)

Description

The issue allows local guest OS privileged users to cause a denial of service through an out-of-bounds read that crashes the QEMU process. It is reached through vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1521
CESA-2017_1206
CESA-2017_1430
CVE-2017-7718
DLA-1035-1
DLA-1497-1
DLA-939-1
OPENSUSE-SU-2017_1221-1
OPENSUSE-SU-2017_1872-1
RHSA-2017:0980
RHSA-2017:0981
RHSA-2017:0982
RHSA-2017:0983
RHSA-2017:0984
RHSA-2017:0988
RHSA-2017:1205
RHSA-2017:1206
RHSA-2017:1430
RHSA-2017:1431
RHSA-2017:1441
RHSA-2017_1206
RHSA-2017_1430
SUSE-SU-2017:1143-1
SUSE-SU-2017:1145-1
SUSE-SU-2017:1146-1
SUSE-SU-2017:1147-1
SUSE-SU-2017:1148-1
SUSE-SU-2017:1774-1
SUSE-SU-2017:2946-1
SUSE-SU-2017:2963-1
SUSE-SU-2017:2969-1
SUSE-SU-2017:3084-1
SUSE-SU-2017_1148-1
USN-3289-1

Affected Products

ALT Linux
CentOS
QEMU
Red Hat
SUSE
Ubuntu