Main Vulnerability Database SB2017113052

SB2017113052 - Red Hat update for qemu-kvm

Published: November 30, 2017

Security Bulletin ID SB2017113052

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2017-14167)

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The weakness exists in the load_multiboot function in hw/i386/multiboot.c due to integer overflow. An adjacent attacker can execute arbitrary code via specially crafted multiboot header address values, which trigger an out-of-bounds write.

Successful exploitation of the vulnerability may result in system compromise.

2) Out-of-bounds write (CVE-ID: CVE-2017-15289)

The vulnerability allows an adjacent authenticated attacker to cause DoS condition on the target system.

The weakness exists in the mode4and5 write functions in hw/display/cirrus_vga.c due to out-of-bounds write. An adjacent attacker can trigger memory corruption and cause the service to crash via vectors related to dst calculation.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2017:3368