CVE-2017-2615

Name: CVE-2017-2615
Description: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1497-1, DLA-842-1, DLA-845-1
NVD severity: high (attack range: remote)
Debian Bugs: 854731

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qemu (PTS) | jessie | 1:2.1+dfsg-12+deb8u6 | vulnerable |
| qemu | jessie (security) | 1:2.1+dfsg-12+deb8u7 | fixed |
| qemu | stretch (security), stretch | 1:2.8+dfsg-6+deb9u4 | fixed |
| qemu | buster, sid | 1:2.12+dfsg-3 | fixed |

The information below is based on the following data on fixed versions.

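| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| qemu | source | (unstable) | 1:2.8+dfsg-3 | low | | 854731 |
| qemu | source | jessie | 1:2.1+dfsg-12+deb8u7 | high | DLA-1497-1 | |
| qemu | source | wheezy | 1.1.2+dfsg-6+deb7u20 | high | DLA-845-1 | |
| qemu-kvm | source | wheezy | 1.1.2+dfsg-6+deb7u20 | high | DLA-842-1 | |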

Notes

Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
