Arbitrary Code Execution

2019-01-1509:16:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

JSON

qemu-kvm-rhev is vulnerable to arbitrary code execution attacks. The vulnerability exists as a heap buffer overflow flaw was found in QEMU’s Cirrus CLGD 54xx VGA emulator’s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

CPENameOperatorVersion
qemu-kvm-rheveq0.12.1.2__2.491.el6_8.3
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.4
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.9
qemu-kvm-rheveq0.12.1.2__2.415.el6_5.5
qemu-kvm-rheveq2.3.0__31.el7_2.23
qemu-kvm-rheveq2.3.0__31.el7_2.19
qemu-kvm-rheveq0.12.1.2__2.479.el6_7.1
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.7
qemu-kvm-rheveq0.12.1.2__2.448.el6_6.3
qemu-kvm-rheveq1.5.3__60.el7_0.7

Name	Operator	Version
qemu-kvm-rhev	eq	0.12.1.2__2.491.el6_8.3
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.4
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.9
qemu-kvm-rhev	eq	0.12.1.2__2.415.el6_5.5
qemu-kvm-rhev	eq	2.3.0__31.el7_2.23
qemu-kvm-rhev	eq	2.3.0__31.el7_2.19
qemu-kvm-rhev	eq	0.12.1.2__2.479.el6_7.1
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.7
qemu-kvm-rhev	eq	0.12.1.2__2.448.el6_6.3
qemu-kvm-rhev	eq	1.5.3__60.el7_0.7