{"containers": {"cna": {"affected": [{"product": "display", "vendor": "qemu", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:0329", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"name": "RHSA-2017:0334", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"}, {"name": "1037804", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037804"}, {"name": "RHSA-2017:0328", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "95990", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95990"}, {"name": "RHSA-2017:0333", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"name": "GLSA-201702-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-27"}, {"name": "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"}, {"name": "RHSA-2017:0454", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"name": "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"}, {"name": "RHSA-2017:0331", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"name": "GLSA-201702-28", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-28"}, {"name": "RHSA-2017:0350", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"name": "RHSA-2017:0396", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"name": "RHSA-2017:0309", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"}, {"name": "RHSA-2017:0344", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"}, {"name": "RHSA-2017:0330", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"name": "RHSA-2017:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX220771"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:06.484Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0329", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"name": "RHSA-2017:0334", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"}, {"name": "1037804", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037804"}, {"name": "RHSA-2017:0328", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "95990", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95990"}, {"name": "RHSA-2017:0333", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"name": "GLSA-201702-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-27"}, {"name": "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"}, {"name": "RHSA-2017:0454", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"name": "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"}, {"name": "RHSA-2017:0331", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"name": "GLSA-201702-28", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-28"}, {"name": "RHSA-2017:0350", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"name": "RHSA-2017:0396", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"name": "RHSA-2017:0309", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"}, {"name": "RHSA-2017:0344", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"}, {"name": "RHSA-2017:0330", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"name": "RHSA-2017:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX220771"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2615", "datePublished": "2018-07-02T18:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:06.484Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "B256D13F-3021-486C-B9BD-A5F97F716FA7", "versionEndIncluding": "2.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "DBCF6643-ACDE-4DDB-8B01-D952DDF8951E", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5647AEA-DCE6-4950-A7EB-05465ECDDE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "E26BFEBF-36AE-4956-918E-0F3745F67103", "versionEndIncluding": "4.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r1:*:*:*:*:*:*", "matchCriteriaId": "28DC6689-C725-4A0D-B18F-F06C63F43AAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r2:*:*:*:*:*:*", "matchCriteriaId": "BDDCD905-A9D3-4BF7-BC92-35886465241E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r3:*:*:*:*:*:*", "matchCriteriaId": "ADCF1B40-C3A8-4505-B8C9-2F2C7753BFC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r4:*:*:*:*:*:*", "matchCriteriaId": "E37280FF-ADAF-4829-9193-E1C203E1BE42", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host."}, {"lang": "es", "value": "Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera de l\u00edmites. Podr\u00eda ocurrir mientras se copian datos VGA mediante la copia bitblt en modo backward. Un usuario privilegiado en un invitado podr\u00eda emplear este error para provocar el cierre inesperado del proceso QEMU, lo que resulta en una denegaci\u00f3n de servicio (DoS) o en la potencial ejecuci\u00f3n de c\u00f3digo arbitrario en el host con los privilegios del proceso QEMU en el host."}], "id": "CVE-2017-2615", "lastModified": "2024-11-21T03:23:50.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-03T01:29:00.393", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95990"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037804"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-27"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-28"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX220771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX220771"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Li Qiang (360.cn Inc.) and Wjjzhang (Tencent.com Inc.) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2017:0454", "cpe": "cpe:/a:redhat:rhel_virtualization:5", "package": "kvm-0:83-277.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2017-03-07T00:00:00Z"}, {"advisory": "RHSA-2017:0309", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.491.el6_8.6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-02-23T00:00:00Z"}, {"advisory": "RHSA-2017:0396", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-126.el7_3.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-03-02T00:00:00Z"}, {"advisory": "RHSA-2017:0334", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0333", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0332", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0331", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0328", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0330", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0329", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0350", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2017-03-01T00:00:00Z"}, {"advisory": "RHSA-2017:0344", "cpe": "cpe:/a:redhat:enterprise_linux:6::hypervisor", "package": "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.6", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2017-02-28T00:00:00Z"}, {"advisory": "RHSA-2017:0350", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date": "2017-03-01T00:00:00Z"}], "bugzilla": {"description": "Qemu: display: cirrus: oob access while doing bitblt copy backward mode", "id": "1418200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-787", "details": ["Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.", "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host."], "name": "CVE-2017-2615", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}], "public_date": "2017-01-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2615\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2615"], "threat_severity": "Important"}