Quick emulator(QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. It could occur while updating VGA display, after guest has adjusted the display dimensions. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2018/03/09/1
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1553403] Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1553404]
Acknowledgments: Name: Ross Lagerwall (Citrix.com)
This issue has been addressed in the following products: Red Hat Virtualization 4 for RHEL-7 Via RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1369
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1416 https://access.redhat.com/errata/RHSA-2018:1416
This issue has been addressed in the following products: Red Hat OpenStack Platform 8 Via RHSA-2018:1646 https://access.redhat.com/errata/RHSA-2018:1646 Red Hat OpenStack Platform 9 Via RHSA-2018:1645 https://access.redhat.com/errata/RHSA-2018:1645 Red Hat OpenStack Platform 10 Via RHSA-2018:1644 https://access.redhat.com/errata/RHSA-2018:1644 Red Hat OpenStack Platform 12 Via RHSA-2018:1643 https://access.redhat.com/errata/RHSA-2018:1643
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2162 https://access.redhat.com/errata/RHSA-2018:2162