The VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, the VNC server allocated a growing amount of memory to hold this data. A malicious remote VNC client could use this flaw to cause a denial of service (DoS) on the server host.
Find out more about CVE-2017-15124 from the MITRE CVE dictionary and NIST NVD.
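The missing throttle described above, as an added example that is not QEMU's code or the shipped fix: a constructed per-client output buffer is filled for a client that never reads, once with no backlog check and once with a byte limit on unread data. The `OutBuf` type, the function names, and the 4 KiB update and 64 KiB limit values are assumptions chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-client output buffer (illustrative names, not QEMU's). */
typedef struct {
    unsigned char *data;
    size_t len; /* bytes queued, not yet read by the client */
    size_t cap; /* bytes currently allocated */
} OutBuf;

/* Append one encoded update, growing the allocation as needed. */
static int outbuf_append(OutBuf *b, const unsigned char *upd, size_t n)
{
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 4096;
        while (ncap < b->len + n)
            ncap *= 2;
        unsigned char *p = realloc(b->data, ncap);
        if (!p) return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, upd, n);
    b->len += n;
    return 0;
}

/* Throttle: defer while backlog + n would exceed limit. 1 queued, 0 deferred, -1 error. */
static int queue_throttled(OutBuf *b, const unsigned char *upd, size_t n, size_t limit)
{
    if (n > limit || b->len > limit - n) return 0;
    return outbuf_append(b, upd, n) == 0 ? 1 : -1;
}

/* Constructed scenario: a client that never reads. Returns the peak allocation. */
size_t simulate_stalled_client(int throttled, size_t updates, size_t upd_size, size_t limit)
{
    OutBuf b = {0};
    unsigned char *upd = calloc(1, upd_size);
    for (size_t i = 0; upd && i < updates; i++) {
        /* The unthrottled branch is the flawed pattern: no backlog check. */
        int rc = throttled ? queue_throttled(&b, upd, upd_size, limit)
                           : outbuf_append(&b, upd, upd_size);
        if (rc < 0) break;
    }
    size_t peak = b.cap;
    free(upd);
    free(b.data);
    return peak;
}
```

With 1000 updates of 4096 bytes each, the unthrottled path ends up holding about 4 MiB for a single stalled client, while the throttled path stays at the 64 KiB limit; a deferred update is not lost as long as the region stays marked dirty and is re-sent once the client drains its backlog.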
Base Score | 2.1 |
---|---|
Base Metrics | AV:N/AC:H/Au:S/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | High |
Authentication | Single |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
CVSS3 Base Score | 3.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | Low |
User Interaction | None |
Scope | Changed |
Confidentiality | None |
Integrity Impact | None |
Availability Impact | Low |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat OpenStack Platform 12.0 (qemu-kvm-rhev) | RHSA-2018:1113 | 2018-04-11 |
Red Hat OpenStack Platform 11.0 (Ocata) (qemu-kvm-rhev) | RHSA-2018:1113 | 2018-04-11 |
Red Hat Enterprise Linux 7 (qemu-kvm-ma) | RHSA-2018:3062 | 2018-10-30 |
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2018:1104 | 2018-04-10 |
Red Hat OpenStack Platform 9.0 (qemu-kvm-rhev) | RHSA-2018:1113 | 2018-04-11 |
Red Hat OpenStack Platform 10 (qemu-kvm-rhev) | RHSA-2018:1113 | 2018-04-11 |
Red Hat OpenStack Platform 8.0 (Liberty) (qemu-kvm-rhev) | RHSA-2018:1113 | 2018-04-11 |
Red Hat Enterprise Linux 7 (qemu-kvm) | RHSA-2018:0816 | 2018-04-10 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | qemu-kvm-rhev | Will not fix |
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | qemu-kvm-rhev | Will not fix |
Red Hat Enterprise Linux 6 | qemu-kvm | Affected |
Red Hat Enterprise Linux 5 | xen | Will not fix |
Red Hat Enterprise Linux 5 | kvm | Will not fix |