{"containers": {"cna": {"affected": [{"product": "Qemu:", "vendor": "QEMU", "versions": [{"status": "affected", "version": "2.8"}]}], "datePublic": "2017-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2017:0329", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"name": "RHSA-2017:0334", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"name": "1037870", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037870"}, {"name": "RHSA-2017:0328", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "RHSA-2017:0333", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"name": "RHSA-2017:0351", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"}, {"name": "RHSA-2017:0454", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://xenbits.xen.org/xsa/advisory-209.html"}, {"name": "RHSA-2017:0331", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"}, {"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"}, {"name": "RHSA-2017:0350", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"name": "RHSA-2017:0396", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"name": "GLSA-201704-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201704-01"}, {"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"}, {"name": "RHSA-2017:0352", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"}, {"name": "RHSA-2017:0330", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"name": "RHSA-2017:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"name": "96378", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96378"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX220771"}, {"name": "GLSA-201703-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201703-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2017-2620", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Qemu:", "version": {"version_data": [{"version_value": "2.8"}]}}]}, "vendor_name": "QEMU"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."}]}, "impact": {"cvss": [[{"vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}], [{"vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0329", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"name": "RHSA-2017:0334", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"name": "1037870", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037870"}, {"name": "RHSA-2017:0328", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "RHSA-2017:0333", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"name": "RHSA-2017:0351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"}, {"name": "RHSA-2017:0454", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"name": "https://xenbits.xen.org/xsa/advisory-209.html", "refsource": "CONFIRM", "url": "https://xenbits.xen.org/xsa/advisory-209.html"}, {"name": "RHSA-2017:0331", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"}, {"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"}, {"name": "RHSA-2017:0350", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"name": "RHSA-2017:0396", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"name": "GLSA-201704-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-01"}, {"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"}, {"name": "RHSA-2017:0352", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"}, {"name": "RHSA-2017:0330", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"name": "RHSA-2017:0332", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"name": "96378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96378"}, {"name": "https://support.citrix.com/article/CTX220771", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX220771"}, {"name": "GLSA-201703-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201703-07"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:02:07.311Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:0329", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"name": "RHSA-2017:0334", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"name": "1037870", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037870"}, {"name": "RHSA-2017:0328", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "RHSA-2017:0333", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"name": "RHSA-2017:0351", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"}, {"name": "RHSA-2017:0454", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://xenbits.xen.org/xsa/advisory-209.html"}, {"name": "RHSA-2017:0331", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"}, {"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"}, {"name": "RHSA-2017:0350", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"name": "RHSA-2017:0396", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"name": "GLSA-201704-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201704-01"}, {"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"}, {"name": "RHSA-2017:0352", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"}, {"name": "RHSA-2017:0330", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"name": "RHSA-2017:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"name": "96378", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96378"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX220771"}, {"name": "GLSA-201703-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201703-07"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-2620", "datePublished": "2018-07-27T19:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T14:02:07.311Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "10EE7DD6-EC30-4385-A028-E579F232BEFA", "versionEndExcluding": "2.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "DBCF6643-ACDE-4DDB-8B01-D952DDF8951E", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5647AEA-DCE6-4950-A7EB-05465ECDDE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "E26BFEBF-36AE-4956-918E-0F3745F67103", "versionEndIncluding": "4.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r1:*:*:*:*:*:*", "matchCriteriaId": "28DC6689-C725-4A0D-B18F-F06C63F43AAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r2:*:*:*:*:*:*", "matchCriteriaId": "BDDCD905-A9D3-4BF7-BC92-35886465241E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r3:*:*:*:*:*:*", "matchCriteriaId": "ADCF1B40-C3A8-4505-B8C9-2F2C7753BFC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r4:*:*:*:*:*:*", "matchCriteriaId": "E37280FF-ADAF-4829-9193-E1C203E1BE42", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r5:*:*:*:*:*:*", "matchCriteriaId": "A0619169-9642-47F9-8F15-C5497E790CDE", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r6:*:*:*:*:*:*", "matchCriteriaId": "A4ECE000-A99A-4ED4-B5E3-5162EC48CFB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r7:*:*:*:*:*:*", "matchCriteriaId": "CF50E3A9-19A3-4015-BF56-070833B5D2CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."}, {"lang": "es", "value": "Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de acceso fuera de l\u00edmites. El problema puede ocurrir al copiar datos VGA en cirrus_bitblt_cputovideo. Un usuario privilegiado dentro de guest podr\u00eda usar esta vulnerabilidad para bloquear el proceso de QEMU o potencialmente ejecutar c\u00f3digo arbitrario en el host con privilegios del proceso de QEMU."}], "id": "CVE-2017-2620", "lastModified": "2024-11-21T03:23:50.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-27T19:29:00.330", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96378"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037870"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201703-07"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201704-01"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX220771"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-209.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201703-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201704-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX220771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-209.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0454", "cpe": "cpe:/a:redhat:rhel_virtualization:5", "package": "kvm-0:83-277.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2017-03-07T00:00:00Z"}, {"advisory": "RHSA-2017:0352", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "qemu-kvm-2:0.12.1.2-2.491.el6_8.7", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-03-01T00:00:00Z"}, {"advisory": "RHSA-2017:0396", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-126.el7_3.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-03-02T00:00:00Z"}, {"advisory": "RHSA-2017:0334", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0333", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0332", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0331", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0328", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0330", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0329", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2017-02-27T00:00:00Z"}, {"advisory": "RHSA-2017:0350", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2017-03-01T00:00:00Z"}, {"advisory": "RHSA-2017:0351", "cpe": "cpe:/a:redhat:enterprise_linux:6::hypervisor", "package": "qemu-kvm-rhev-2:0.12.1.2-2.491.el6_8.7", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2017-03-01T00:00:00Z"}, {"advisory": "RHSA-2017:0350", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.6.0-28.el7_3.6", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date": "2017-03-01T00:00:00Z"}], "bugzilla": {"description": "Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo", "id": "1420484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420484"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-787", "details": ["Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.", "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."], "name": "CVE-2017-2620", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}], "public_date": "2017-02-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-2620\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2620\nhttps://xenbits.xen.org/xsa/advisory-209.html"], "threat_severity": "Important", "upstream_fix": "qemu 2.8"}