RHSA-2017:1430-01 -- Redhat qemu-kvmID: oval:org.secpod.oval:def:502047 | Date: (C)2017-06-16 (M)2023-12-20 |
Class: PATCH | Family: unix |
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * An out-of-bounds r/w access issue was found in QEMU"s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. * An out-of-bounds access issue was found in QEMU"s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions . A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. Red Hat would like to thank Jiangxin and Li Qiang for reporting CVE-2017-7980 and Jiangxin for reporting CVE-2017-7718. Bug Fix: * Previously, guest virtual machines in some cases became unresponsive when the pty back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring
Platform: |
Red Hat Enterprise Linux 7 |