vulnerability
CentOS Linux: CVE-2017-15124: Low: qemu-kvm security, bug fix, and enhancement update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jan 9, 2018 | Aug 28, 2019 | May 25, 2023 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jan 9, 2018
Added
Aug 28, 2019
Modified
May 25, 2023
Description
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
Solutions
centos-upgrade-qemu-imgcentos-upgrade-qemu-img-macentos-upgrade-qemu-kvmcentos-upgrade-qemu-kvm-commoncentos-upgrade-qemu-kvm-common-macentos-upgrade-qemu-kvm-debuginfocentos-upgrade-qemu-kvm-macentos-upgrade-qemu-kvm-ma-debuginfocentos-upgrade-qemu-kvm-toolscentos-upgrade-qemu-kvm-tools-ma
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.