CVE-2017-13673
First published: Tue Aug 29 2017(Updated: )
Quick emulator(Qemu) built with the VGA display emulator support is vulnerable to an assert failure issue. It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the Qemu process on the host resulting in DoS. Upstream patch: --------------- -> <a href="https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05333.html">https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05333.html</a> Reference: ---------- -> <a href="http://www.openwall.com/lists/oss-security/2017/08/30/4">http://www.openwall.com/lists/oss-security/2017/08/30/4</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | =2.8.0 | |
| QEMU qemu | =2.9.0 | |
| debian/qemu | 1:3.1+dfsg-8+deb10u8 1:3.1+dfsg-8+deb10u11 1:5.2+dfsg-11+deb11u3 1:5.2+dfsg-11+deb11u2 1:7.2+dfsg-7+deb12u3 1:8.1.2+ds-1 1:8.2.0+ds-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
- http://www.openwall.com/lists/oss-security/2017/09/10/1
- http://www.securityfocus.com/bid/100527
- https://access.redhat.com/errata/RHSA-2018:1104
- https://access.redhat.com/errata/RHSA-2018:1113
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d
- https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=d6f7f3b0cf4b6c5e7cdff9dfa6d20545e1051375
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72
- https://security-tracker.debian.org/tracker/CVE-2017-13673
- https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05333.html
- http://www.openwall.com/lists/oss-security/2017/08/30/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1486591
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1486589
- https://bugzilla.redhat.com/show_bug.cgi?id=1486588
- https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d
- collector/nvd-index
- collector/security-tracker-debian
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-13673
- agent/last-modified-date
- agent/tags
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/qemu
- canonical/qemu qemu
- version/qemu qemu/2.8.0
- version/qemu qemu/2.9.0
- package-manager/debian