CVE-2017-7980 qemu: OOB r/w access issues in bitblt routines

CVE ID

CVE-2017-7980

DESCRIPTION

An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process.

CVSS3 Base Score    5.5
CVSS v2 Base Score  4.9

Related CVEs: CVE-2017-7718, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2016-9603

RESOLUTION

Fixed in the latest Unitrends security update, which includes
   qemu-kvm-0.12.1.2-2.503.el6_9.3
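
To confirm a host carries the fixed build, the installed qemu-kvm version-release can be compared against the one named above. The script below is an added example, not Unitrends or QEMU code; it assumes an RPM-based host, and `vercmp` and `qemu_kvm_is_patched` are hypothetical helper names implementing a simplified RPM-style ordering (no epoch, no `~` or `^`).

```shell
#!/bin/sh
# Added example (not vendor code). A plain string compare would rank
# "el6_9.3" above "el6_10.1"; comparing segment by segment avoids that.
FIXED_VR="0.12.1.2-2.503.el6_9.3"   # fixed qemu-kvm build named in this advisory

# vercmp A B: print -1, 0 or 1 as A is older than, equal to or newer than B.
vercmp() {
  a=$1; b=$2
  while :; do
    # Drop leading separators (anything that is not a letter or digit).
    a=${a#"${a%%[0-9A-Za-z]*}"}; b=${b#"${b%%[0-9A-Za-z]*}"}
    [ -n "$a" ] && [ -n "$b" ] || break
    case $a in
      [0-9]*)   # numeric segment; it outranks an alphabetic one
        sa=${a%%[!0-9]*}; sb=${b%%[!0-9]*}
        [ -n "$sb" ] || { echo 1; return; }
        [ "$sa" -gt "$sb" ] && { echo 1; return; }
        [ "$sa" -lt "$sb" ] && { echo -1; return; } ;;
      *)        # alphabetic segment, compared as a plain string
        sa=${a%%[!A-Za-z]*}; sb=${b%%[!A-Za-z]*}
        [ -n "$sb" ] || { echo -1; return; }
        [ "$sa" \> "$sb" ] && { echo 1; return; }
        [ "$sa" \< "$sb" ] && { echo -1; return; } ;;
    esac
    a=${a#"$sa"}; b=${b#"$sb"}   # segments equal: move to the next pair
  done
  # All shared segments matched: the string with segments left over is newer.
  if [ -n "$a" ]; then echo 1; elif [ -n "$b" ]; then echo -1; else echo 0; fi
}

# qemu_kvm_is_patched VERSION-RELEASE: succeed if the build is at or above FIXED_VR.
qemu_kvm_is_patched() {
  r=$(vercmp "${1%-*}" "${FIXED_VR%-*}")                      # VERSION first
  [ "$r" -eq 0 ] && r=$(vercmp "${1##*-}" "${FIXED_VR##*-}")  # then RELEASE
  [ "$r" -ge 0 ]
}

# Check the installed package; skipped when rpm or qemu-kvm is not present.
if command -v rpm >/dev/null 2>&1 &&
   vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' qemu-kvm 2>/dev/null); then
  if qemu_kvm_is_patched "$vr"; then echo "qemu-kvm $vr: patched"
  else echo "qemu-kvm $vr: older than $FIXED_VR, update required"; fi
fi
```

Installing the update replaces the files on disk only; a QEMU process started before the update keeps running the old binary until the guest is restarted.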

LINK TO ADVISORIES
