CVE-2017-2633 — MEDIUM (5.4)

Q: How severe is CVE-2017-2633?

CVE-2017-2633 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-2633?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.

Vulnerability Description

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Qemu	Qemu	< 1.7.2
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Eus	7.4
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-787 CWE-120 CWE-125

References

http://www.openwall.com/lists/oss-security/2017/02/23/1Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/96417Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1205Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1206Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1441Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633Issue TrackingPatchThird Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d54469867
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b5431
http://www.openwall.com/lists/oss-security/2017/02/23/1Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/96417Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1205Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1206Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1441Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856Third Party Advisory

FAQ

What is CVE-2017-2633?

CVE-2017-2633 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_...

How severe is CVE-2017-2633?

CVE-2017-2633 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2633?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.