vulnerability

Red Hat: CVE-2017-15124: Low: qemu-kvm security, bug fix, and enhancement update (Multiple Advisories)

Name: Red Hat: CVE-2017-15124: Low: qemu-kvm security, bug fix, and enhancement update (Multiple Advisories)
Creator: Red Hat
Published: 2018-01-09T00:00:00.000Z
Keywords: CVE, Red Hat, 2017, 15124, Low, redhat-upgrade-qemu-img, redhat-upgrade-qemu-img-ma, redhat-upgrade-qemu-kvm, redhat-upgrade-qemu-kvm-common, redhat-upgrade-qemu-kvm-common-ma, redhat-upgrade-qemu-kvm-debuginfo, redhat-upgrade-qemu-kvm-ma, redhat-upgrade-qemu-kvm-ma-debuginfo, redhat-upgrade-qemu-kvm-tools, redhat-upgrade-qemu-kvm-tools-ma, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Jan 9, 2018

Added

Apr 11, 2018

Modified

Feb 19, 2026

Description

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

Solutions

redhat-upgrade-qemu-imgredhat-upgrade-qemu-img-maredhat-upgrade-qemu-kvmredhat-upgrade-qemu-kvm-commonredhat-upgrade-qemu-kvm-common-maredhat-upgrade-qemu-kvm-debuginforedhat-upgrade-qemu-kvm-maredhat-upgrade-qemu-kvm-ma-debuginforedhat-upgrade-qemu-kvm-toolsredhat-upgrade-qemu-kvm-tools-ma

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report