#VU31986 Out-of-bounds read in QEMU - CVE-2017-2620


Vulnerability identifier: #VU31986

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-2620

CWE-ID: CWE-125

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

Quick emulator (QEMU) before 2.8, built with the Cirrus CLGD 54xx VGA emulator support, is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside the guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with the privileges of the QEMU process.
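The description above places the fault in the copy of guest-supplied VGA data into emulated video memory (CWE-125). The C program below is an added illustration of the bounds check such a blit copy needs; it is not QEMU's code and does not reproduce the cirrus_bitblt_cputovideo logic. The VRAM size, the struct and function names (vga_state, blit_fits, cputovideo_copy, demo_blit, demo_vram_byte) and the blit parameters are all assumptions. The check computes the last byte a width x height blit would touch, with overflow-safe arithmetic so that guest-chosen pitch and height values cannot wrap around, and refuses the copy before any byte is read or written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example of the bug class in this advisory (CWE-125): an
 * out-of-bounds access while copying guest data into emulated VRAM.
 * Not QEMU's code; VRAM_SIZE and all names are assumptions. */
#define VRAM_SIZE (64 * 1024)   /* assumed size of the emulated VRAM */

struct vga_state {
    uint8_t vram[VRAM_SIZE];
};

/* Return true only if every byte of a height x width blit that starts at
 * dst_off and advances dst_pitch bytes per line lies inside vram_size.
 * Every intermediate value is checked so guest-chosen parameters cannot
 * wrap size_t and slip past the comparison. */
bool blit_fits(size_t dst_off, size_t dst_pitch, size_t width,
               size_t height, size_t vram_size)
{
    if (width == 0 || height == 0 || width > vram_size) {
        return false;
    }
    /* The last line starts at dst_off + (height - 1) * dst_pitch;
     * refuse the request if that product or sum would overflow. */
    if (height - 1 != 0 && dst_pitch > (SIZE_MAX - dst_off) / (height - 1)) {
        return false;
    }
    size_t last_line = dst_off + (height - 1) * dst_pitch;
    /* last_line + width <= vram_size, written without overflow. Because
     * last_line >= dst_off, this also covers the first line. */
    return last_line <= vram_size - width;
}

/* Copy width bytes for each of height lines from guest-supplied src into
 * VRAM. Returns the number of bytes copied, or 0 if the request was refused. */
size_t cputovideo_copy(struct vga_state *s, const uint8_t *src, size_t src_len,
                       size_t dst_off, size_t dst_pitch, size_t width,
                       size_t height)
{
    if (!blit_fits(dst_off, dst_pitch, width, height, sizeof(s->vram))) {
        return 0;
    }
    /* The source must hold height * width bytes (width > 0 was checked). */
    if (height > src_len / width) {
        return 0;
    }
    for (size_t y = 0; y < height; y++) {
        memcpy(&s->vram[dst_off + y * dst_pitch], src + y * width, width);
    }
    return width * height;
}

/* Demo state and a constructed guest buffer filled with 0xAB. */
static struct vga_state demo_state;
static uint8_t demo_src[4096];

size_t demo_blit(size_t dst_off, size_t dst_pitch, size_t width, size_t height)
{
    memset(demo_src, 0xAB, sizeof demo_src);
    return cputovideo_copy(&demo_state, demo_src, sizeof demo_src,
                           dst_off, dst_pitch, width, height);
}

uint8_t demo_vram_byte(size_t index)
{
    return index < VRAM_SIZE ? demo_state.vram[index] : 0;
}

int main(void)
{
    printf("in-bounds blit copied %zu bytes\n", demo_blit(0, 16, 8, 4));
    printf("blit past end of VRAM copied %zu bytes\n",
           demo_blit(VRAM_SIZE - 8, 16, 8, 2));
    printf("wrapping pitch accepted: %s\n",
           blit_fits(8, SIZE_MAX, 8, 2, VRAM_SIZE) ? "yes" : "no");
    return 0;
}
```

The two rejections worth noting are the blit whose last line runs past the end of VRAM and the one whose pitch is chosen so that the naive `dst_off + (height - 1) * pitch` would wrap to a small value; an unchecked copy loop accepts both.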

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

QEMU: 2.7.0 rc0 - 2.7.1


External links
https://rhn.redhat.com/errata/RHSA-2017-0328.html
https://rhn.redhat.com/errata/RHSA-2017-0329.html
https://rhn.redhat.com/errata/RHSA-2017-0330.html
https://rhn.redhat.com/errata/RHSA-2017-0331.html
https://rhn.redhat.com/errata/RHSA-2017-0332.html
https://rhn.redhat.com/errata/RHSA-2017-0333.html
https://rhn.redhat.com/errata/RHSA-2017-0334.html
https://rhn.redhat.com/errata/RHSA-2017-0350.html
https://rhn.redhat.com/errata/RHSA-2017-0351.html
https://rhn.redhat.com/errata/RHSA-2017-0352.html
https://rhn.redhat.com/errata/RHSA-2017-0396.html
https://rhn.redhat.com/errata/RHSA-2017-0454.html
https://www.openwall.com/lists/oss-security/2017/02/21/1
https://www.securityfocus.com/bid/96378
https://www.securitytracker.com/id/1037870
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
https://security.gentoo.org/glsa/201703-07
https://security.gentoo.org/glsa/201704-01
https://support.citrix.com/article/CTX220771
https://xenbits.xen.org/xsa/advisory-209.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
