CVE-2017-13673
First published: Tue Aug 29 2017(Updated: )
Quick emulator(Qemu) built with the VGA display emulator support is vulnerable to an assert failure issue. It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the Qemu process on the host resulting in DoS. Upstream patch: --------------- -> <a href="https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05333.html">https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05333.html</a> Reference: ---------- -> <a href="http://www.openwall.com/lists/oss-security/2017/08/30/4">http://www.openwall.com/lists/oss-security/2017/08/30/4</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/qemu | 1:3.1+dfsg-8+deb10u8 1:3.1+dfsg-8+deb10u11 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u3 1:8.1.2+ds-1 1:8.2.0+ds-1 | |
| QEMU KVM | =2.8.0 | |
| QEMU KVM | =2.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
- http://www.openwall.com/lists/oss-security/2017/09/10/1
- http://www.securityfocus.com/bid/100527
- https://access.redhat.com/errata/RHSA-2018:1104
- https://access.redhat.com/errata/RHSA-2018:1113
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d
- https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=d6f7f3b0cf4b6c5e7cdff9dfa6d20545e1051375
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72
- https://security-tracker.debian.org/tracker/CVE-2017-13673
- https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05333.html
- http://www.openwall.com/lists/oss-security/2017/08/30/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1486591
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1486589
- https://bugzilla.redhat.com/show_bug.cgi?id=1486588
- https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d
Frequently Asked Questions
What is the severity of CVE-2017-13673?
CVE-2017-13673 has a medium severity rating due to its potential to crash the graphics display in a vulnerable environment.
How do I fix CVE-2017-13673?
To fix CVE-2017-13673, update to the recommended versions of QEMU, specifically those addressing this vulnerability.
What component is affected by CVE-2017-13673?
CVE-2017-13673 affects the VGA display emulator component of the QEMU virtualization software.
Who is impacted by CVE-2017-13673?
Privileged users or processes within guest systems running vulnerable versions of QEMU may be impacted by CVE-2017-13673.
Is CVE-2017-13673 exploitable remotely?
CVE-2017-13673 is not directly exploitable remotely as it requires a privileged user within the guest system.
- collector/security-tracker-debian
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-13673
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- package-manager/debian
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/2.8.0
- version/qemu kvm/2.9.0