cpe:/a:qemu:qemu CVE-2017-15289 2017-10-16T14:29:00.623-04:00 2018-09-07T06:29:02.727-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov BID 101262 DEBIAN DSA-4213 REDHAT RHSA-2017:3368 REDHAT RHSA-2017:3369 REDHAT RHSA-2017:3466 REDHAT RHSA-2017:3470 REDHAT RHSA-2017:3471 REDHAT RHSA-2017:3472 REDHAT RHSA-2017:3473 REDHAT RHSA-2017:3474 REDHAT RHSA-2018:0516 UBUNTU USN-3575-1 MLIST [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update MLIST [oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions MLIST [qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1501290 The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.