CVE-2017-2615

Priority
Description
Quick Emulator (QEMU) built with Cirrus CLGD 54xx VGA emulator support
is vulnerable to an out-of-bounds access issue. It could occur while
copying VGA data via bitblt copy in backward mode. A privileged user inside
a guest could use this flaw to crash the QEMU process, resulting in DoS, or
potentially execute arbitrary code on the host with the privileges of the
QEMU process.
Notes
 sarnold> apparently introduced by the fix for CVE-2014-8106
Package
Source: qemu (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Trusty/esm: released (2.0.0+dfsg-2ubuntu1.33)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2.5+dfsg-5ubuntu10.11)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1:2.8+dfsg-3ubuntu2)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (1:2.8+dfsg-3ubuntu2)
Ubuntu 19.04 (Disco Dingo): not-affected (1:2.8+dfsg-3ubuntu2)
Ubuntu 19.10 (Eoan): not-affected (1:2.8+dfsg-3ubuntu2)
Patches:
Upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): needed
Trusty/esm: DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Trusty/esm: DNE (trusty was released [4.4.2-0ubuntu0.14.04.11])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system qemu)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (uses system qemu)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (uses system qemu)
Ubuntu 19.04 (Disco Dingo): not-affected (uses system qemu)
Ubuntu 19.10 (Eoan): not-affected (uses system qemu)
Updated: 2019-04-26 14:22:27 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)