CVE-2017-13672
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.1 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
31.4%
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qemu:qemu | qemu | le | 2.10.2 |
| debian:debian_linux | debian debian linux | eq | 9.0 |
References
lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
www.debian.org/security/2017/dsa-3991
www.openwall.com/lists/oss-security/2017/08/30/3
www.securityfocus.com/bid/100540
access.redhat.com/errata/RHSA-2018:0816
access.redhat.com/errata/RHSA-2018:1104
access.redhat.com/errata/RHSA-2018:1113
access.redhat.com/errata/RHSA-2018:2162
bugzilla.redhat.com/show_bug.cgi?id=1486560
lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
usn.ubuntu.com/3575-1/
Social References
More
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.1 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
31.4%