CVE-2017-15289 - OpenCVE

The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/10/12/16	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/101262	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3368	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3369	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3466	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3470	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3471	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3472	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3473	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3474	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0516	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1501290	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html	Mailing List Patch Third Party Advisory
https://usn.ubuntu.com/3575-1/	Third Party Advisory
https://www.debian.org/security/2018/dsa-4213	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-16T18:00:00

Updated: 2018-09-07T09:57:01

Reserved: 2017-10-12T00:00:00

Link: CVE-2017-15289

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-10-16T18:29:00.623

Modified: 2020-11-10T18:53:23.020

Link: CVE-2017-15289

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2018:0516", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0516"}, {"name": "RHSA-2017:3473", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3473"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "DSA-4213", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4213"}, {"name": "101262", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101262"}, {"name": "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"}, {"name": "RHSA-2017:3470", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3470"}, {"name": "RHSA-2017:3472", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3472"}, {"name": "RHSA-2017:3474", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3474"}, {"name": "USN-3575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3575-1/"}, {"name": "RHSA-2017:3471", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3471"}, {"name": "RHSA-2017:3368", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3368"}, {"name": "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"}, {"name": "RHSA-2017:3466", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3466"}, {"name": "RHSA-2017:3369", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3369"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0516", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0516"}, {"name": "RHSA-2017:3473", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3473"}, {"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "DSA-4213", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4213"}, {"name": "101262", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101262"}, {"name": "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"}, {"name": "RHSA-2017:3470", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3470"}, {"name": "RHSA-2017:3472", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3472"}, {"name": "RHSA-2017:3474", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3474"}, {"name": "USN-3575-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3575-1/"}, {"name": "RHSA-2017:3471", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3471"}, {"name": "RHSA-2017:3368", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3368"}, {"name": "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"}, {"name": "RHSA-2017:3466", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3466"}, {"name": "RHSA-2017:3369", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3369"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15289", "datePublished": "2017-10-16T18:00:00", "dateReserved": "2017-10-12T00:00:00", "dateUpdated": "2018-09-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE828526-81EF-4807-8E73-E0FC56034D8B", "versionEndIncluding": "2.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."}, {"lang": "es", "value": "Las funciones de escritura mode4and5 en hw/display/cirrus_vga.c en Qemu permiten que usuarios del sistema operativo invitados con privilegios provoquen una denegaci\u00f3n de servicio (acceso de lectura fuera de l\u00edmites y cierre inesperado del proceso Qemu) mediante vectores relacionados con el c\u00e1lculo dst."}], "id": "CVE-2017-15289", "lastModified": "2020-11-10T18:53:23.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-16T18:29:00.623", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101262"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3368"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3369"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3466"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3470"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3471"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3472"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3473"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3474"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0516"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3575-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4213"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}