CVE-2017-2620
- Source
- https://cve.org/CVERecord?id=CVE-2017-2620
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-2620.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-2620
- Downstream
- Related
- Published
- 2018-07-27T19:29:00.330Z
- Modified
- 2026-02-11T13:56:23.248491Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrusbitbltcputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
- References
-
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0351.html
- http://rhn.redhat.com/errata/RHSA-2017-0352.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://www.openwall.com/lists/oss-security/2017/02/21/1
- http://www.securityfocus.com/bid/96378
- http://www.securitytracker.com/id/1037870
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620
- https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
- https://security.gentoo.org/glsa/201703-07
- https://security.gentoo.org/glsa/201704-01
- https://support.citrix.com/article/CTX220771
- https://xenbits.xen.org/xsa/advisory-209.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
- http://www.openwall.com/lists/oss-security/2017/02/21/1
Affected packages
Git / github.com/qubesos/qubes-secpack
Affected ranges
- Type
- GIT
- Repo
- https://github.com/qubesos/qubes-secpack
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
adw_295683ce
adw_2a43dbed
adw_2d4c57ee
adw_3e8e5a7c
adw_3fa6f674
adw_523c3fd5
adw_56aaade2
adw_5e2cf51c
adw_6131a869
adw_6d3a978f
adw_731e36a6
adw_7752e567
adw_8567fa1b
adw_89af9f06
adw_959b2d99
adw_b24d7e41
adw_b68b02df
adw_cdb0f84b
adw_da46a4ce
adw_e795de48
axon_51576cc1
axon_59ca8837
axon_5c66eb3d
j_1fc5409d
j_201e4cc3
j_2fa770a5
j_692db79a
j_a3ef318c
joanna_009c1158
joanna_0c3b9010
joanna_0de8baf2
joanna_27f8c1b5
joanna_40407c36
joanna_49fe8b1c
joanna_4d6b3809
joanna_51660c83
joanna_64c49dc9
joanna_6c1015e9
joanna_6d3a978f
joanna_738a07c4
joanna_782e0a9b
joanna_817ebc15
joanna_89af9f06
joanna_9a288a57
joanna_9e295791
joanna_ab84e606
joanna_b68b02df
joanna_b9f604bf
joanna_bbcb93ef
joanna_bc042615
joanna_cee779fd
joanna_da46a4ce
joanna_db9dc2ae
joanna_dcf7b31a
joanna_e2bf493f
joanna_ee7648ac
joanna_f276131b
joanna_f59d8f18
joanna_sec_0ac667a9
joanna_sec_113cf714
joanna_sec_15143d72
joanna_sec_15da4a45
joanna_sec_16c2b497
joanna_sec_19824dda
joanna_sec_198b6e18
joanna_sec_1e390705
joanna_sec_1fc5409d
joanna_sec_201e4cc3
joanna_sec_2130d1eb
joanna_sec_216103e7
joanna_sec_287158a9
joanna_sec_2904655d
joanna_sec_2bb7f0b9
joanna_sec_2fa770a5
joanna_sec_331a42ec
joanna_sec_33c90326
joanna_sec_341e2b6b
joanna_sec_38d60525
joanna_sec_3c2e9a5b
joanna_sec_43373e67
joanna_sec_45f79323
joanna_sec_476b38f5
joanna_sec_4eb6c952
joanna_sec_5901f066
joanna_sec_5b6117ae
joanna_sec_5ffbdd0e
joanna_sec_692db79a
joanna_sec_69d31929
joanna_sec_6f6d1a6b
joanna_sec_72b85eb9
joanna_sec_730d3fc5
joanna_sec_806ab1a4
joanna_sec_81fcefb1
joanna_sec_84308824
joanna_sec_848e7753
joanna_sec_8bb548e1
joanna_sec_8db2fb5d
joanna_sec_9d2ab5db
joanna_sec_a3ef318c
joanna_sec_a4e175f3
joanna_sec_ad10dd54
joanna_sec_aeb6b239
joanna_sec_afa96845
joanna_sec_b232fde3
joanna_sec_b4e357dd
joanna_sec_b9a9b693
joanna_sec_be35fc9a
joanna_sec_c270b939
joanna_sec_c3ee8beb
joanna_sec_cacca546
joanna_sec_d9651f96
joanna_sec_dcde2909
joanna_sec_dcf7b31a
joanna_sec_dda7a65f
joanna_sec_e4594798
joanna_sec_e97a7255
joanna_sec_eeeb546a
joanna_sec_f7b34dac
joanna_sec_f7fe0773
joanna_sec_ffa0608a
marmarek_sec_0311584c
marmarek_sec_0ac667a9
marmarek_sec_0cfc7687
marmarek_sec_0f838022
marmarek_sec_109b6fdf
marmarek_sec_113cf714
marmarek_sec_1302b8c6
marmarek_sec_15143d72
marmarek_sec_15ac3d41
marmarek_sec_160b7a0b
marmarek_sec_162930b6
marmarek_sec_16c2b497
marmarek_sec_1e390705
marmarek_sec_201e4cc3
marmarek_sec_20fc0746
marmarek_sec_2245aeed
marmarek_sec_22c5fe0d
marmarek_sec_24681439
marmarek_sec_287158a9
marmarek_sec_2bb7f0b9
marmarek_sec_2d58fc13
marmarek_sec_33c90326
marmarek_sec_3a5b80b5
marmarek_sec_3bacccfc
marmarek_sec_3bd7fe2e
marmarek_sec_40b3338e
marmarek_sec_41b90963
marmarek_sec_43373e67
marmarek_sec_4506ce8d
marmarek_sec_45f79323
marmarek_sec_46658321
marmarek_sec_49cc5d5a
marmarek_sec_4b1d1114
marmarek_sec_51660c83
marmarek_sec_539649d9
marmarek_sec_5b6117ae
marmarek_sec_5c9616cd
marmarek_sec_5ddbd92b
marmarek_sec_5e61a5a6
marmarek_sec_5f208b29
marmarek_sec_61621ebb
marmarek_sec_64f3338c
marmarek_sec_65c0e16e
marmarek_sec_66c7326e
marmarek_sec_688f1623
marmarek_sec_68fa5cee
marmarek_sec_692db79a
marmarek_sec_696e531c
marmarek_sec_6be15b69
marmarek_sec_71eeb2ea
marmarek_sec_77c18513
marmarek_sec_78525939
marmarek_sec_7b063902
marmarek_sec_7bea266a
marmarek_sec_7cdffb89
marmarek_sec_7f76bce3
marmarek_sec_806ab1a4
marmarek_sec_81194e72
marmarek_sec_81ac5fe4
marmarek_sec_84308824
marmarek_sec_8487a05e
marmarek_sec_848e7753
marmarek_sec_85d18bac
marmarek_sec_880c1d9d
marmarek_sec_89af9f06
marmarek_sec_8db2fb5d
marmarek_sec_93f129d7
marmarek_sec_9ce311f5
marmarek_sec_9d2ab5db
marmarek_sec_9e64bee1
marmarek_sec_9f43f503
marmarek_sec_a134889b
marmarek_sec_a42cd1d9
marmarek_sec_a459f531
marmarek_sec_a481720a
marmarek_sec_a4e175f3
marmarek_sec_a6740376
marmarek_sec_ad519557
marmarek_sec_addc0cdc
marmarek_sec_b6c083a0
marmarek_sec_b9c9d9e5
marmarek_sec_bd0f960b
marmarek_sec_c5177666
marmarek_sec_c5190321
marmarek_sec_c811a84b
marmarek_sec_c83d9f18
marmarek_sec_c9c8bde6
marmarek_sec_caa6c3bc
marmarek_sec_cc626e78
marmarek_sec_ceee07bc
marmarek_sec_cf660ae9
marmarek_sec_d5a7241a
marmarek_sec_d9c2f7df
marmarek_sec_dc58c062
marmarek_sec_dceb778d
marmarek_sec_dcf7b31a
marmarek_sec_dd650fc0
marmarek_sec_dda7a65f
marmarek_sec_dead1260
marmarek_sec_dec5eecc
marmarek_sec_e2bf493f
marmarek_sec_e4001950
marmarek_sec_e4594798
marmarek_sec_e8375673
marmarek_sec_e97a7255
marmarek_sec_e9e8fdb7
marmarek_sec_eb83dc5d
marmarek_sec_ee7648ac
marmarek_sec_f1272311
marmarek_sec_f7b34dac
marmarek_sec_f7fe0773
marmarek_sec_f9c28b07
marmarek_sec_feb3578d
marmarek_sec_fed50710
mm_109b6fdf
mm_15143d72
mm_1e390705
mm_201e4cc3
mm_2beab537
mm_3bd7fe2e
mm_40b3338e
mm_49cc5d5a
mm_51660c83
mm_5f208b29
mm_61621ebb
mm_692db79a
mm_78525939
mm_7c825880
mm_89af9f06
mm_a4e175f3
mm_d5a7241a
mm_d9c2f7df
w_49cc5d5a