609158 – (CVE-2017-2615) [TRACKER] qemu: display: cirrus: oob access while doing bitblt copy backward mode (CVE-2017-2615)

Bug 609158 (CVE-2017-2615) - [TRACKER] qemu: display: cirrus: oob access while doing bitblt copy backward mode (CVE-2017-2615)

Summary: [TRACKER] qemu: display: cirrus: oob access while doing bitblt copy backward ...

Status:	RESOLVED FIXED

Alias:	CVE-2017-2615

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:	Tracker

Depends on:	608034 XSA-208
Blocks:
	Show dependency tree

Reported:	2017-02-12 18:33 UTC by Thomas Deutschmann (RETIRED)
Modified:	2017-02-21 20:41 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-02-12 18:33:01 UTC

Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is
vulnerable to an out-of-bounds access issue. It could occur while copying
VGA data via bitblt copy in backward mode.

A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS OR potentially execute arbitrary code on the host with
privileges of Qemu process on the host.

Upstream patch:

https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-02-21 20:41:10 UTC

All done.