vulnerability

Oracle Linux: CVE-2017-13672: ELSA-2018-0816: qemu-kvm security, bug fix, and enhancement update (LOW) (Multiple Advisories)

Try Surface Command
Back to search
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Aug 24, 2017
Added
Apr 19, 2018
Modified
Dec 3, 2025

Description

QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.

Solutions

oracle-linux-upgrade-ivshmem-toolsoracle-linux-upgrade-qemuoracle-linux-upgrade-qemu-block-glusteroracle-linux-upgrade-qemu-block-iscsioracle-linux-upgrade-qemu-block-rbdoracle-linux-upgrade-qemu-commonoracle-linux-upgrade-qemu-guest-agentoracle-linux-upgrade-qemu-imgoracle-linux-upgrade-qemu-kvmoracle-linux-upgrade-qemu-kvm-commonoracle-linux-upgrade-qemu-kvm-coreoracle-linux-upgrade-qemu-kvm-toolsoracle-linux-upgrade-qemu-system-aarch64oracle-linux-upgrade-qemu-system-aarch64-coreoracle-linux-upgrade-qemu-system-x86oracle-linux-upgrade-qemu-system-x86-core

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today