ELSA-2017-0309 -- Oracle qemu-kvm_qemu-guest-agentID: oval:org.secpod.oval:def:1501778 | Date: (C)2017-02-27 (M)2023-12-20 |
Class: PATCH | Family: unix |
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Product: |
qemu-kvm |
qemu-guest-agent |