{
  "threat_severity" : "Low",
  "public_date" : "2017-08-24T00:00:00Z",
  "bugzilla" : {
    "description" : "QEMU: VGA: reachable assert failure during display update",
    "id" : "1486588",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1486588"
  },
  "cvss" : {
    "cvss_base_score" : "2.3",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "The VGA display update in QEMU miscalculated the region for the dirty bitmap snapshot when split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.", "An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating the graphics display, due to miscalculating the region for the dirty bitmap snapshot in split screen mode. A privileged user/process inside the guest could use this flaw to crash the QEMU process on the host, resulting in denial of service." ],
  "acknowledgement" : "Red Hat would like to thank David Buchanan for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 10.0 (Newton)",
    "release_date" : "2018-04-11T00:00:00Z",
    "advisory" : "RHSA-2018:1113",
    "cpe" : "cpe:/a:redhat:openstack:10::el7",
    "package" : "qemu-kvm-rhev-10:2.10.0-21.el7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 11.0 (Ocata)",
    "release_date" : "2018-04-11T00:00:00Z",
    "advisory" : "RHSA-2018:1113",
    "cpe" : "cpe:/a:redhat:openstack:11::el7",
    "package" : "qemu-kvm-rhev-10:2.10.0-21.el7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 12.0 (Pike)",
    "release_date" : "2018-04-11T00:00:00Z",
    "advisory" : "RHSA-2018:1113",
    "cpe" : "cpe:/a:redhat:openstack:12::el7",
    "package" : "qemu-kvm-rhev-10:2.10.0-21.el7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 8.0 (Liberty)",
    "release_date" : "2018-04-11T00:00:00Z",
    "advisory" : "RHSA-2018:1113",
    "cpe" : "cpe:/a:redhat:openstack:8::el7",
    "package" : "qemu-kvm-rhev-10:2.10.0-21.el7"
  }, {
    "product_name" : "Red Hat OpenStack Platform 9.0 (Mitaka)",
    "release_date" : "2018-04-11T00:00:00Z",
    "advisory" : "RHSA-2018:1113",
    "cpe" : "cpe:/a:redhat:openstack:9::el7",
    "package" : "qemu-kvm-rhev-10:2.10.0-21.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:1104",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "qemu-kvm-rhev-10:2.10.0-21.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)",
    "fix_state" : "Will not fix",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-13673\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13673" ],
  "name" : "CVE-2017-13673",
  "csaw" : false
}