PT-2017-3865 · Qemu+5 · Qemu+5

Guoxiang Niu

·

Published

2017-10-11

·

Updated

2024-06-15

·

CVE-2017-15289

CVSS v3.1

6.0

Medium

VectorAV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Qemu (affected versions not specified)
Description The issue is related to the mode4and5 write functions in the hw/display/cirrus vga.c file of Qemu, allowing local OS guest privileged users to cause a denial of service. This can be achieved through vectors related to dst calculation, resulting in out-of-bounds write access and a Qemu process crash. The vulnerability is also described as a buffer overflow issue in the mode4and5 function of the Qemu hardware emulator, which can be exploited to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2017-2829
BDU:2019-04104
CESA-2017_3368
CESA-2018_0516
CVE-2017-15289
DLA-1497-1
DSA-4213-1
OPENSUSE-SU-2017_2938-1
OPENSUSE-SU-2017_2941-1
OPENSUSE-SU-2017_3193-1
OPENSUSE-SU-2017_3194-1
OPENSUSE-SU-2024:11287-1
RHSA-2017:3368
RHSA-2017:3369
RHSA-2017:3466
RHSA-2017:3470
RHSA-2017:3471
RHSA-2017:3472
RHSA-2017:3473
RHSA-2017:3474
RHSA-2017_3368
RHSA-2018:0516
RHSA-2018_0516
SUSE-SU-2017:2924-1
SUSE-SU-2017:2936-1
SUSE-SU-2017:2946-1
SUSE-SU-2017:2963-1
SUSE-SU-2017:2969-1
SUSE-SU-2017:3084-1
SUSE-SU-2017:3115-1
SUSE-SU-2017:3178-1
SUSE-SU-2017:3212-1
SUSE-SU-2017:3236-1
SUSE-SU-2017:3239-1
SUSE-SU-2017:3242-1
SUSE-SU-2017_3115-1
SUSE-SU-2017_3178-1
SUSE-SU-2017_3212-1
USN-3575-1
USN-3575-2

Affected Products

Alt Linux
Centos
Qemu
Red Hat
Suse
Ubuntu