Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt functions cirrus_bitblt_rop_fwd_transp_ and/or cirrus_bitblt_rop_fwd_. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch -------------- -> http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/04/19/4
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1443444]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1443443]
Acknowledgements: Name: Jiangxin (PSIRT Huawei Inc.)
This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-6 Via RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1205
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1206
This issue has been addressed in the following products: RHEV 3.X Hypervisor and Agents for RHEL-7 RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:1431 https://access.redhat.com/errata/RHSA-2017:1431
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1430 https://access.redhat.com/errata/RHSA-2017:1430
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 Via RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1441
qemu-2.7.1-7.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.