Vulnerability Details : CVE-2017-13673
The vga display update mis-calculated the region for the dirty bitmap snapshot when split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
Vulnerability category: Denial of service
Products affected by CVE-2017-13673
- cpe:2.3:a:qemu:qemu:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:2.8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-13673
- 0.28%: probability of exploitation activity in the next 30 days
- ~ 64%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-13673
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2017-13673
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-13673
- https://access.redhat.com/errata/RHSA-2018:1104
  RHSA-2018:1104 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/100527
  QEMU CVE-2017-13673 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2017/09/10/1
  oss-security - Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update
- https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
  [Qemu-devel] [PATCH] vga: fix display update region calculation (split s (Mailing List; Patch; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
  [security-announce] openSUSE-SU-2019:1074-1: important: Security update
- https://access.redhat.com/errata/RHSA-2018:1113
  RHSA-2018:1113 - Security Advisory - Red Hat Customer Portal
- https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d
  git.qemu.org Git - qemu.git/commit