CVE-2017-7980 qemu: OOB r/w access issues in bitblt routines

CVE ID

CVE-2017-7980

DESCRIPTION

An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process.

CVSS3 Base Score    5.5
CVSS v2 Base Score  4.9

Related CVEs: CVE-2017-7718, CVE-2017-2615, CVE-2017-2620, CVE-2017-2633, CVE-2016-9603

RESOLUTION

Fixed in latest Unitrends security update with
   qemu-kvm-0.12.1.2-2.503.el6_9.3

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us