Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 609158 (CVE-2017-2615)

Summary: [TRACKER] qemu: display: cirrus: oob access while doing bitblt copy backward mode (CVE-2017-2615)
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2017/02/01/6
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 608034, 609160    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-12 18:33:01 UTC
Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is
vulnerable to an out-of-bounds access issue. It could occur while copying
VGA data via bitblt copy in backward mode.

A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS OR potentially execute arbitrary code on the host with
privileges of Qemu process on the host.

Upstream patch:

https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-02-21 20:41:10 UTC
All done.