[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2017:1430 -- centos 7 qemu-kvm

ID: oval:org.secpod.oval:def:204515Date: (C)2017-06-16   (M)2022-10-10
Class: PATCHFamily: unix




Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * An out-of-bounds r/w access issue was found in QEMU"s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. * An out-of-bounds access issue was found in QEMU"s Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions . A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. Red Hat would like to thank Jiangxin and Li Qiang for reporting CVE-2017-7980 and Jiangxin for reporting CVE-2017-7718. Bug Fix: * Previously, guest virtual machines in some cases became unresponsive when the "pty" back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring

Platform:
CentOS 7
Product:
qemu-kvm
Reference:
CESA-2017:1430
CVE-2017-7718
CVE-2017-7980
CVE    2
CVE-2017-7980
CVE-2017-7718
CPE    2
cpe:/a:kvm_group:qemu-kvm
cpe:/o:centos:centos:7

© SecPod Technologies