CVE-2017-18030

Published: 23 January 2018

The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

Priority

Low

CVSS 3 base score: 4.4

Status

Package Release Status
qemu
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable (1:2.11+dfsg-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable (1:2.11+dfsg-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (1:2.11+dfsg-1ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable (1:2.5+dfsg-5ubuntu10.20)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable (2.0.0+dfsg-2ubuntu1.38)
Patches:
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3
qemu-kvm
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist
Ubuntu 20.04 LTS (Focal Fossa) Does not exist
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist