SB2018010434 - SUSE Linux update for kvm 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018010434

SB2018010434 - SUSE Linux update for kvm

Published: January 4, 2018

Security Bulletin ID SB2018010434
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2017-2633)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.


2) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.


Remediation

Install update from vendor's website.

References