An out-of-bounds read/write flaw was found in the ATI VGA device implementation of the QEMU emulator. It occurs in the ati_2d_blt() routine while handling MMIO write operations from the guest. A malicious guest user could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Name: Yi Ren (Alibaba Cloud Intelligence Security Team)
This flaw did not affect the following versions of QEMU as they did not include support for ATI VGA emulation:
* `qemu-kvm-ma` as shipped with Red Hat Enterprise Linux 7.
* `qemu-kvm-rhev` as shipped with Red Hat Virtualization and Red Hat OpenStack.
* `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7 and 8.
* `virt:8.2/qemu-kvm` as shipped with RHEL Advanced Virtualization.
The ATI VGA emulation feature was introduced in QEMU upstream version 4.0.0.
*** Bug 1847385 has been marked as a duplicate of this bug. ***
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1868904]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):