Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 629316 (CVE-2017-13673)

Summary: <app-emulation/qemu-2.10.0: denial of service (assertion failure) (CVE-2017-13673)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: qemu+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13673
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 629350    
Bug Blocks:    

Description D'juan McDonald (domhnall) 2017-08-29 18:39:25 UTC
From ${URL}:

The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the "cpu_physical_memory_snapshot_get_dirty" function.

CVE Details: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13673

Patch: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
Comment 1 Matthias Maier gentoo-dev 2017-09-01 02:02:32 UTC
This is fixed upstream in qemu-2.10.0
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-09-03 23:00:35 UTC
(In reply to Matthias Maier from comment #1)
> This is fixed upstream in qemu-2.10.0

Has it been backported to 2.9.x?
Comment 3 D'juan McDonald (domhnall) 2017-10-21 05:05:09 UTC
(In reply to Aaron Bauman from comment #2)
> Has it been backported to 2.9.x?

Fixes: CVE-2017-13673
+Fixes: fec5e8c92becad223df9d972770522f64aafdb72
+Cc: P J P <ppandit@redhat.com>
+Reported-by: David Buchanan <d@vidbuchanan.co.uk>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20170828123307.15392-1-kraxel@redhat.com
+
+Upstream-Status: Backport
+[https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3]
+
+CVE: CVE-2017-13673
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>

"Impact:  DoS for privileged guest users. "

-------------------------------------------

It appears this was indeed backported to 2.9.x