{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-24T00:00:00", "descriptions": [{"lang": "en", "value": "The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-29T00:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"}, {"name": "RHSA-2018:1104", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1104"}, {"name": "100527", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100527"}, {"name": "RHSA-2018:1113", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1113"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d"}, {"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"}, {"name": "openSUSE-SU-2019:1074", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-13673", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html", "refsource": "CONFIRM", "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"}, {"name": "RHSA-2018:1104", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1104"}, {"name": "100527", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100527"}, {"name": "RHSA-2018:1113", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1113"}, {"name": "https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d", "refsource": "CONFIRM", "url": "https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d"}, {"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"}, {"name": "openSUSE-SU-2019:1074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:05:18.974Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"}, {"name": "RHSA-2018:1104", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1104"}, {"name": "100527", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100527"}, {"name": "RHSA-2018:1113", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d"}, {"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"}, {"name": "openSUSE-SU-2019:1074", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-13673", "datePublished": "2017-08-29T16:00:00", "dateReserved": "2017-08-24T00:00:00", "dateUpdated": "2024-08-05T19:05:18.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "242C3AA9-F5FC-4D25-9F96-1DEC709AA9C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC2FC474-181C-4022-8A7E-AEEE4DDAE6A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function."}, {"lang": "es", "value": "La actualizaci\u00f3n de la pantalla VGA en la regi\u00f3n calculada inapropiadamente para la instant\u00e1nea dirty bitmap en el caso de que el modo pantalla dividida sea usado, lo que provoca una denegaci\u00f3n de servicio (fallo de aserci\u00f3n) en la funci\u00f3n cpu_physical_memory_snapshot_get_dirty."}], "id": "CVE-2017-13673", "lastModified": "2023-11-07T02:38:41.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-29T16:29:00.277", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100527"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:1104"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2018:1113"}, {"source": "cve@mitre.org", "url": "https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank David Buchanan for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:1113", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.10.0-21.el7", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2018-04-11T00:00:00Z"}, {"advisory": "RHSA-2018:1113", "cpe": "cpe:/a:redhat:openstack:11::el7", "package": "qemu-kvm-rhev-10:2.10.0-21.el7", "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", "release_date": "2018-04-11T00:00:00Z"}, {"advisory": "RHSA-2018:1113", "cpe": "cpe:/a:redhat:openstack:12::el7", "package": "qemu-kvm-rhev-10:2.10.0-21.el7", "product_name": "Red Hat OpenStack Platform 12.0 (Pike)", "release_date": "2018-04-11T00:00:00Z"}, {"advisory": "RHSA-2018:1113", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "qemu-kvm-rhev-10:2.10.0-21.el7", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2018-04-11T00:00:00Z"}, {"advisory": "RHSA-2018:1113", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "qemu-kvm-rhev-10:2.10.0-21.el7", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2018-04-11T00:00:00Z"}, {"advisory": "RHSA-2018:1104", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.10.0-21.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2018-04-10T00:00:00Z"}], "bugzilla": {"description": "QEMU: VGA: reachable assert failure during display update", "id": "1486588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486588"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.0", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-617", "details": ["The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.", "An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service."], "name": "CVE-2017-13673", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}], "public_date": "2017-08-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-13673\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13673"], "threat_severity": "Low"}