RHSA-2017:1430
Vulnerability from csaf_redhat - Published: 2017-06-13 07:26 - Updated: 2025-11-21 18:00Summary
Red Hat Security Advisory: qemu-kvm security and bug fix update
Severity
Important
Notes
Topic: An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.
Security Fix(es):
* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)
* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)
Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.
Bug Fix(es):
* Previously, guest virtual machines in some cases became unresponsive when the "pty" back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring. (BZ#1452332)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.
4.0 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1430
An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
https://access.redhat.com/errata/RHSA-2017:1430
References
Acknowledgments
PSIRT Huawei Inc.
Jiangxin
Qihoo 360 Gear Team
Li Qiang
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.\n\nSecurity Fix(es):\n\n* An out-of-bounds r/w access issue was found in QEMU\u0027s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)\n\n* An out-of-bounds access issue was found in QEMU\u0027s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)\n\nRed Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.\n\nBug Fix(es):\n\n* Previously, guest virtual machines in some cases became unresponsive when the \"pty\" back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring. (BZ#1452332)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:1430",
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1443441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441"
},
{
"category": "external",
"summary": "1444371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444371"
},
{
"category": "external",
"summary": "1452332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452332"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1430.json"
}
],
"title": "Red Hat Security Advisory: qemu-kvm security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T18:00:50+00:00",
"generator": {
"date": "2025-11-21T18:00:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2017:1430",
"initial_release_date": "2017-06-13T07:26:41+00:00",
"revision_history": [
{
"date": "2017-06-13T07:26:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-06-13T07:26:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:00:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"product": {
"name": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"product_id": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-common@1.5.3-126.el7_3.9?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"product": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"product_id": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-debuginfo@1.5.3-126.el7_3.9?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"product": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"product_id": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img@1.5.3-126.el7_3.9?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"product": {
"name": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"product_id": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-tools@1.5.3-126.el7_3.9?arch=x86_64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"product": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"product_id": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm@1.5.3-126.el7_3.9?arch=x86_64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"product": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"product_id": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm@1.5.3-126.el7_3.9?arch=src\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"product": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"product_id": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-debuginfo@1.5.3-126.el7_3.9?arch=ppc64\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"product": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"product_id": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img@1.5.3-126.el7_3.9?arch=ppc64\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"product": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"product_id": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-kvm-debuginfo@1.5.3-126.el7_3.9?arch=ppc64le\u0026epoch=10"
}
}
},
{
"category": "product_version",
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"product": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"product_id": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qemu-img@1.5.3-126.el7_3.9?arch=ppc64le\u0026epoch=10"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Client-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Server-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-img-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.src",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
},
"product_reference": "qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"relates_to_product_reference": "7Workstation-7.3.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Jiangxin"
],
"organization": "PSIRT Huawei Inc."
}
],
"cve": "CVE-2017-7718",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1443441"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds access issue was found in QEMU\u0027s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: display: cirrus: OOB read access issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7718"
},
{
"category": "external",
"summary": "RHBZ#1443441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7718",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7718"
}
],
"release_date": "2017-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-13T07:26:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Qemu: display: cirrus: OOB read access issue"
},
{
"acknowledgments": [
{
"names": [
"Jiangxin"
],
"organization": "PSIRT Huawei Inc."
},
{
"names": [
"Li Qiang"
],
"organization": "Qihoo 360 Gear Team"
}
],
"cve": "CVE-2017-7980",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2017-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1444371"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds r/w access issue was found in QEMU\u0027s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Qemu: display: cirrus: OOB r/w access issues in bitblt routines",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7980"
},
{
"category": "external",
"summary": "RHBZ#1444371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7980",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7980"
}
],
"release_date": "2017-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-06-13T07:26:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
"product_ids": [
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Client-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Client-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Client-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7ComputeNode-optional-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7ComputeNode-optional-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7ComputeNode-optional-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Server-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Server-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Server-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-img-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.src",
"7Workstation-7.3.Z:qemu-kvm-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-common-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.ppc64le",
"7Workstation-7.3.Z:qemu-kvm-debuginfo-10:1.5.3-126.el7_3.9.x86_64",
"7Workstation-7.3.Z:qemu-kvm-tools-10:1.5.3-126.el7_3.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Qemu: display: cirrus: OOB r/w access issues in bitblt routines"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…