Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2017-2615: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

SUSE: CVE-2017-2615: SUSE Linux Security Advisory

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

02/10/2017

Created

07/25/2018

Added

02/28/2017

Modified

02/04/2022

Description

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Solution(s)

suse-upgrade-kvm
suse-upgrade-qemu
suse-upgrade-qemu-arm
suse-upgrade-qemu-audio-alsa
suse-upgrade-qemu-audio-oss
suse-upgrade-qemu-audio-pa
suse-upgrade-qemu-audio-spice
suse-upgrade-qemu-block-curl
suse-upgrade-qemu-block-iscsi
suse-upgrade-qemu-block-rbd
suse-upgrade-qemu-block-ssh
suse-upgrade-qemu-chardev-baum
suse-upgrade-qemu-chardev-spice
suse-upgrade-qemu-guest-agent
suse-upgrade-qemu-hw-display-qxl
suse-upgrade-qemu-hw-display-virtio-gpu
suse-upgrade-qemu-hw-display-virtio-gpu-pci
suse-upgrade-qemu-hw-display-virtio-vga
suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw
suse-upgrade-qemu-hw-usb-redirect
suse-upgrade-qemu-ipxe
suse-upgrade-qemu-ksm
suse-upgrade-qemu-kvm
suse-upgrade-qemu-lang
suse-upgrade-qemu-microvm
suse-upgrade-qemu-ppc
suse-upgrade-qemu-s390
suse-upgrade-qemu-s390x
suse-upgrade-qemu-seabios
suse-upgrade-qemu-sgabios
suse-upgrade-qemu-skiboot
suse-upgrade-qemu-tools
suse-upgrade-qemu-ui-curses
suse-upgrade-qemu-ui-gtk
suse-upgrade-qemu-ui-opengl
suse-upgrade-qemu-ui-spice-app
suse-upgrade-qemu-ui-spice-core
suse-upgrade-qemu-vgabios
suse-upgrade-qemu-x86
suse-upgrade-xen
suse-upgrade-xen-devel
suse-upgrade-xen-doc-html
suse-upgrade-xen-doc-pdf
suse-upgrade-xen-kmp-default
suse-upgrade-xen-kmp-pae
suse-upgrade-xen-libs
suse-upgrade-xen-libs-32bit
suse-upgrade-xen-tools
suse-upgrade-xen-tools-domu
suse-upgrade-xen-tools-xendomains-wait-disk

References

SUSE-SU-2017:0570-1
SUSE-SU-2017:0571-1
SUSE-SU-2017:0582-1
SUSE-SU-2017:0625-1
SUSE-SU-2017:0647-1
SUSE-SU-2017:0661-1
SUSE-SU-2017:0718-1
SUSE-SU-2017:1135-1
SUSE-SU-2017:1241-1
SUSE-SU-2017:3084-1
CVE-2017-2615
DLA-842-1
DLA-845-1
USN-3261-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2017-2615: SUSE Linux Security Advisory

SUSE: CVE-2017-2615: SUSE Linux Security Advisory

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.