CVE-2017-2615
Summary
| CVE | CVE-2017-2615 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-03 01:29:00 UTC |
| Updated | 2023-02-12 23:29:00 UTC |
| Description | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Citrix | Xenserver | 6.0.2 | All | All | All |
| Application | Citrix | Xenserver | 6.2.0 | sp1 | All | All |
| Application | Citrix | Xenserver | 6.5 | sp1 | All | All |
| Application | Citrix | Xenserver | 7.0 | All | All | All |
| Application | Citrix | Xenserver | 7.1 | All | All | All |
| Application | Citrix | Xenserver | 6.0.2 | All | All | All |
| Application | Citrix | Xenserver | 6.2.0 | sp1 | All | All |
| Application | Citrix | Xenserver | 6.5 | sp1 | All | All |
| Application | Citrix | Xenserver | 7.0 | All | All | All |
| Application | Citrix | Xenserver | 7.1 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Application | Qemu | Qemu | All | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Openstack | 10 | All | All | All |
| Application | Redhat | Openstack | 10.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
| Application | Redhat | Openstack | 8 | All | All | All |
| Application | Redhat | Openstack | 8.0 | All | All | All |
| Application | Redhat | Openstack | 9 | All | All | All |
| Application | Redhat | Openstack | 9.0 | All | All | All |
| Application | Redhat | Openstack | 10.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
| Application | Redhat | Openstack | 8.0 | All | All | All |
| Application | Redhat | Openstack | 9.0 | All | All | All |
| Operating System | Xen | Xen | 4.7.1 | r1 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r2 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r3 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r4 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r1 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r2 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r3 | All | All |
| Operating System | Xen | Xen | 4.7.1 | r4 | All | All |
| Operating System | Xen | Xen | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Xen Bug in Cirrus Display Emulation Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| CVE-2017-2615 - Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| QEMU 'hw/display/cirrus_vga.c' Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Citrix XenServer Multiple Security Updates | CONFIRM | support.citrix.com | Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| QEMU: Multiple vulnerabilities (GLSA 201702-28) — Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| [SECURITY] [DLA 1497-1] qemu security update | MLIST | lists.debian.org | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| 1418200 – (CVE-2017-2615) CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Xen: Multiple vulnerabilities (GLSA 201702-27) — Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| oss-security - CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode | MLIST | www.openwall.com | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Bug 1418200 – CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode | MISC | bugzilla.redhat.com | |
| [Qemu-devel] [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615) | MLIST | lists.gnu.org | Patch, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378154 Virtuozzo Linux Security Update for qemu-kvm (VZLSA-2017:0309)
- 378163 Virtuozzo Linux Security Update for qemu-kvm (VZLSA-2017:0396)
- 378279 Virtuozzo Linux Security Update for kvm-tools (VZLSA-2017:0454)
- 500813 Alpine Linux Security Update for xen
- 501229 Alpine Linux Security Update for qemu
- 504556 Alpine Linux Security Update for xen
- 505339 Alpine Linux Security Update for qemu
- 710393 Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 201702-28)
- 710409 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 201702-27)