CVE ID
CVE-2017-7980
DESCRIPTION
An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process.
CVSS3 Base Score 5.5
CVSS v2 Base Score 4.9
Related CVEs: CVE-2017-7718, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2016-9603
RESOLUTION
Fixed in latest Unitrends security update with
qemu-kvm-0.12.1.2-2.503.el6_9.3
LINK TO ADVISORIES
- https://nvd.nist.gov/vuln/detail/CVE-2017-7980
- https://access.redhat.com/security/cve/cve-2017-7980
- https://access.redhat.com/security/cve/cve-2017-7718
- https://access.redhat.com/security/cve/cve-2017-2633
- https://access.redhat.com/security/cve/cve-2017-2620
- https://access.redhat.com/security/cve/cve-2017-2615
- https://access.redhat.com/security/cve/cve-2016-9603