Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2017-7980

Disclosure Date: July 25, 2017 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

canonical,
debian,
qemu,
redhat

Products

debian linux 8.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 7.3,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server eus 7.3,
enterprise linux server eus 7.4,
enterprise linux server eus 7.5,
enterprise linux server eus 7.6,
enterprise linux server tus 7.3,
enterprise linux server tus 7.6,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
openstack 10,
openstack 5.0,
openstack 6.0,
openstack 7.0,
openstack 8,
openstack 9,
qemu,
ubuntu linux 14.04,
ubuntu linux 16.04,
ubuntu linux 16.10,
ubuntu linux 17.04,
virtualization 3.0

References

Canonical

CVE-2017-7980 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7980)

BID-97955 (http://www.securityfocus.com/bid/97955)

BID-102129 (http://www.securityfocus.com/bid/102129)

Advisory

https://access.redhat.com/errata/RHSA-2017:0983

[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines (http://www.openwall.com/lists/oss-security/2017/04/21/1)

https://access.redhat.com/errata/RHSA-2017:0982

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html)

https://access.redhat.com/errata/RHSA-2017:1430

GLSA-201706-03 (https://security.gentoo.org/glsa/201706-03)

USN-3289-1 (http://ubuntu.com/usn/usn-3289-1)

https://access.redhat.com/errata/RHSA-2017:1206

https://access.redhat.com/errata/RHSA-2017:0984

https://access.redhat.com/errata/RHSA-2017:0988

https://access.redhat.com/errata/RHSA-2017:1441

https://bugzilla.redhat.com/show_bug.cgi?id=1430056

https://access.redhat.com/errata/RHSA-2017:0981

https://access.redhat.com/errata/RHSA-2017:0980

https://access.redhat.com/errata/RHSA-2017:1205

https://support.citrix.com/article/CTX230138

Rapid7

Technical Analysis