EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1320)

🗓️ 18 Dec 2017 00:00:00Reported by TenableType

EulerOS 2.0 SP1 qemu-kvm (EulerOS-SA-2017-1320) vulnerabilitie

Reporter	Title	Published	Views	Family All 220
Amazon	Medium: qemu-kvm	20 Dec 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : qemu-kvm (ALAS-2017-934)	26 Dec 201700:00	–	nessus
Tenable Nessus	CentOS 7 : qemu-kvm (CESA-2017:3368)	7 Dec 201700:00	–	nessus
Tenable Nessus	CentOS 6 : qemu-kvm (CESA-2018:0516)	15 Mar 201800:00	–	nessus
Tenable Nessus	Debian DLA-1128-1 : qemu-kvm security update	9 Oct 201700:00	–	nessus
Tenable Nessus	Debian DLA-1129-1 : qemu security update	9 Oct 201700:00	–	nessus
Tenable Nessus	Debian DLA-1497-1 : qemu security update (Spectre)	7 Sep 201800:00	–	nessus
Tenable Nessus	Debian DSA-3991-1 : qemu - security update	4 Oct 201700:00	–	nessus
Tenable Nessus	Debian DSA-4213-1 : qemu - security update (Spectre)	30 May 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1321)	18 Dec 201700:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(105301);
  script_version("3.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/11");

  script_cve_id("CVE-2017-14167", "CVE-2017-15289");

  script_name(english:"EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1320)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the qemu-kvm package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - Quick Emulator (QEMU), compiled with the PC System
    Emulator with multiboot feature support, is vulnerable
    to an OOB r/w memory access issue. The issue could
    occur due to an integer overflow while loading a kernel
    image during a guest boot. A user or process could use
    this flaw to potentially achieve arbitrary code
    execution on a host. (CVE-2017-14167)

  - Quick emulator (QEMU), compiled with the Cirrus CLGD
    54xx VGA Emulator support, is vulnerable to an OOB
    write access issue. The issue could occur while writing
    to VGA memory via mode4and5 write functions. A
    privileged user inside guest could use this flaw to
    crash the QEMU process resulting in Denial of Serivce
    (DoS). (CVE-2017-15289)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1320
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ed039fe");
  script_set_attribute(attribute:"solution", value:
"Update the affected qemu-kvm packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14167");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-img");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["qemu-img-1.5.3-141.4.h2"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-kvm");
}

11 Nov 2025 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 27.2

CVSS 3.18.8

EPSS0.00603