CentOS Linux: CVE-2017-2620: Important: qemu-kvm security update (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | 2017-02-21 | 2017-03-01 | 2023-05-25 |
Description
Quick Emulator (QEMU) before 2.8, when built with Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside the guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process.
Solution(s)
- centos-upgrade-kmod-kvm
- centos-upgrade-kmod-kvm-debug
- centos-upgrade-kvm
- centos-upgrade-kvm-debuginfo
- centos-upgrade-kvm-qemu-img
- centos-upgrade-kvm-tools
- centos-upgrade-qemu-guest-agent
- centos-upgrade-qemu-img
- centos-upgrade-qemu-kvm
- centos-upgrade-qemu-kvm-common
- centos-upgrade-qemu-kvm-debuginfo
- centos-upgrade-qemu-kvm-tools
References
- BID-96378
- DEBIAN-DLA-842-1
- DEBIAN-DLA-845-1
- DISA_SEVERITY-Category I
- GENTOO-GLSA-201703-07
- GENTOO-GLSA-201704-01
- IAVM-2017-B-0024
- NVD-CVE-2017-2620
- REDHAT-RHSA-2017:0328
- REDHAT-RHSA-2017:0329
- REDHAT-RHSA-2017:0330
- REDHAT-RHSA-2017:0331
- REDHAT-RHSA-2017:0332
- REDHAT-RHSA-2017:0333
- REDHAT-RHSA-2017:0334
- REDHAT-RHSA-2017:0350
- REDHAT-RHSA-2017:0351
- REDHAT-RHSA-2017:0352
- REDHAT-RHSA-2017:0396
- REDHAT-RHSA-2017:0454
- SECTRACK-1037870
- UBUNTU-USN-3261-1
