Quick emulator(Qemu) built with the VGA display emulator support is vulnerable to an out-of-bounds read access issue. It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the Qemu process on the host resulting in DoS situation. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05332.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/08/30/3
Acknowledgments: Name: David Buchanan
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1486562]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1486561]
qemu-2.9.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:0816
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1104
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Red Hat OpenStack Platform 11.0 (Ocata) Red Hat OpenStack Platform 8.0 (Liberty) Red Hat OpenStack Platform 9.0 (Mitaka) Red Hat OpenStack Platform 12.0 (Pike) Via RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:1113
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2162