QEMU 'hw/display/cirrus_vga_rop.h' Multiple Memory Corruption Vulnerabilities

QEMU is prone to multiple memory-corruption vulnerabilities.

Attackers can exploit these issues to obtain sensitive information or to crash the affected application, resulting in a denial-of-service condition.

Information

Bugtraq ID: 97957
Class: Design Error
CVE: CVE-2017-7718

Remote: Yes
Local: No
Published: Apr 19 2017 12:00AM
Updated: Apr 21 2017 03:07PM
Credit: Jiangxin of PSIRT Huawei Inc.
Vulnerable: Redhat OpenStack Platform 9.0
Redhat OpenStack Platform 8.0 (Liberty)
Redhat OpenStack Platform 10
Redhat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Redhat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Redhat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
QEMU QEMU 0

Not Vulnerable:

References:

• CVE-2017-7718 Qemu: display: cirrus: OOB read access issue (QEMU)
  
• CVE-2017-7718 Qemu: display: cirrus: OOB read access issue (Red Hat)
  
• QEMU Homepage (QEMU)
  

Source: www.securityfocus.com