Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 629316 (CVE-2017-13673) - <app-emulation/qemu-2.10.0: denial of service (assertion failure) (CVE-2017-13673)
Summary: <app-emulation/qemu-2.10.0: denial of service (assertion failure) (CVE-2017-1...
Alias: CVE-2017-13673
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: CVE-2017-13711
  Show dependency tree
Reported: 2017-08-29 18:39 UTC by D'juan McDonald (domhnall)
Modified: 2017-11-12 21:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2017-08-29 18:39:25 UTC
From ${URL}:

The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the "cpu_physical_memory_snapshot_get_dirty" function.

CVE Details:

Comment 1 Matthias Maier gentoo-dev 2017-09-01 02:02:32 UTC
This is fixed upstream in qemu-2.10.0
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2017-09-03 23:00:35 UTC
(In reply to Matthias Maier from comment #1)
> This is fixed upstream in qemu-2.10.0

Has it been backported to 2.9.x?
Comment 3 D'juan McDonald (domhnall) 2017-10-21 05:05:09 UTC
(In reply to Aaron Bauman from comment #2)
> Has it been backported to 2.9.x?

Fixes: CVE-2017-13673
+Fixes: fec5e8c92becad223df9d972770522f64aafdb72
+Cc: P J P <>
+Reported-by: David Buchanan <>
+Signed-off-by: Gerd Hoffmann <>
+Upstream-Status: Backport
+CVE: CVE-2017-13673
+Signed-off-by: Yi Zhao <>

"Impact:  DoS for privileged guest users. "


It appears this was indeed backported to 2.9.x