CVE-2017-2633
Published: 22 February 2017
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
qemu Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
| bionic |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| cosmic |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| disco |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| eoan |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| focal |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| groovy |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| hirsute |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(2.0.0+dfsg-2ubuntu1.33)
|
|
| upstream |
Needed
|
|
| xenial |
Not vulnerable
(1:2.5+dfsg-5ubuntu10.10)
|
|
| yakkety |
Not vulnerable
(1:2.6.1+dfsg-0ubuntu5.3)
|
|
| zesty |
Not vulnerable
(1:2.8+dfsg-3ubuntu2)
|
|
|
Patches: upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=9f64916da20eea67121d544698676295bbb105a7 upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b54316c767cf894ef |
||
|
qemu-kvm Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| precise |
Ignored
(reached end-of-life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needed
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |