exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2017-15289

Status Candidate

Overview

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.

Related Files

Red Hat Security Advisory 2018-0516-01
Posted Mar 13, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0516-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. An out of bounds access issue was addressed.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2017-15289
SHA-256 | 800a206980b758c796d8ce438adbd73f3e721a9216bde5fbe8f6aac8d6475214
Ubuntu Security Notice USN-3575-2
Posted Mar 5, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3575-2 - USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-11334, CVE-2017-13672, CVE-2017-14167, CVE-2017-15038, CVE-2017-15118, CVE-2017-15119, CVE-2017-15124, CVE-2017-15268, CVE-2017-15289, CVE-2017-16845, CVE-2017-17381, CVE-2017-18043, CVE-2018-5683
SHA-256 | 9552b2912301778a8c60092d6adbf1e844f5f2e13f1985b94b4fe06b63c2559c
Ubuntu Security Notice USN-3575-1
Posted Feb 20, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2017-11334, CVE-2017-13672, CVE-2017-14167, CVE-2017-15038, CVE-2017-15118, CVE-2017-15119, CVE-2017-15124, CVE-2017-15268, CVE-2017-15289, CVE-2017-16845, CVE-2017-17381, CVE-2017-18043, CVE-2018-5683
SHA-256 | 9216cd38d1a355f9c315588c2a43b7eb0867dc1c8b82f16c2edab968fb6683e4
Red Hat Security Advisory 2017-3474-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3474-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | b146276f21006a6482f059705c18a8672e10a014be7b092c305842e8f3060279
Red Hat Security Advisory 2017-3466-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3466-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | 84a7b3f4ea4874af0ae1de4c1762b18a68c9aebe5f589fd042d64b0f18ab77f6
Red Hat Security Advisory 2017-3473-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3473-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | 5185cca79ae85a913d5eca3f4c5ae46050222a65b86838a1ea3fa3cb98c73575
Red Hat Security Advisory 2017-3472-01
Posted Dec 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3472-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | facd3d0559b2b0966a6eef7678ab1ea1ee5805c62f3537e7ea2ef451f2b80b92
Red Hat Security Advisory 2017-3470-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3470-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | efb4335c9408229c495f95ad12044120be9a1e15087a66ae9adce3583c29740d
Red Hat Security Advisory 2017-3471-01
Posted Dec 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3471-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: An assertion-failure flaw was found in the Network Block Device server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2017-10664, CVE-2017-11334, CVE-2017-14167, CVE-2017-15289, CVE-2017-7539
SHA-256 | 6c949e978f3129a4fa9524d05a3e6a59fc158b36609c374f54dd21fcdd7bb992
Red Hat Security Advisory 2017-3368-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3368-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: Quick Emulator, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.

tags | advisory, overflow, arbitrary, kernel, code execution
systems | linux, redhat
advisories | CVE-2017-14167, CVE-2017-15289
SHA-256 | 682cd4f9e4229c10932e11b3d2ac23066bdafab617753713cb2ec10632130e20
Red Hat Security Advisory 2017-3369-01
Posted Nov 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3369-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator, compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-11334, CVE-2017-14167, CVE-2017-15289
SHA-256 | 8772a3e39319b85ec00526ac683eb62611b7a823641c428559c0c26d704e710b
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close