Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-15124

Published: 09/01/2018 Updated: 12/02/2023
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Qemu

Vulnerability Summary

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

Vendor Advisories

Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Ubuntu Security Notice: qemu regression
USN-3575-1 introduced a regression in QEMU ...
Red Hat: Low: qemu-kvm-ma security, bug fix, and enhancement update
Synopsis Low: qemu-kvm-ma security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (C ...
Red Hat: Low: qemu-kvm security, bug fix, and enhancement update
Synopsis Low: qemu-kvm security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Important: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of ...
Red Hat: Moderate: qemu-kvm-rhev security and bug fix update
Synopsis Moderate: qemu-kvm-rhev security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton), Red Hat OpenStack Platform 110 (Ocata), Red Hat OpenStack Platform 120 (Pike), Red Hat OpenStack Platform ...
Debian Security Advisories: DSA-4213-1 qemu -- security update
Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service CVE-2017-15124 Daniel Berrange discovered that t ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-15124: memory exhaustion through framebuffer update request message in VNC server
Debian Bug report logs - #884806 qemu: CVE-2017-15124: memory exhaustion through framebuffer update request message in VNC server Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 19 Dec 2017 21:42:0 ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-5683: Out-of-bounds read in vga_draw_text routine
Debian Bug report logs - #887392 qemu: CVE-2018-5683: Out-of-bounds read in vga_draw_text routine Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 15 Jan 2018 20:21:01 UTC Severity: important Tags: ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-7550: i386: multiboot OOB access while loading kernel image
Debian Bug report logs - #892041 qemu: CVE-2018-7550: i386: multiboot OOB access while loading kernel image Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 4 Mar 2018 13:15:12 UTC Severity: impor ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-16845: ps2: information leakage via post_load routine
Debian Bug report logs - #882136 qemu: CVE-2017-16845: ps2: information leakage via post_load routine Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 19 Nov 2017 14:21:04 UTC Severity: important T ...
Debian CVElist Bug Report Logs: qemu: CVE-2018-7858: cirrus: OOB access when updating vga display allowing for DoS
Debian Bug report logs - #892497 qemu: CVE-2018-7858: cirrus: OOB access when updating vga display allowing for DoS Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 9 Mar 2018 18:12:01 UTC Severit ...
Debian CVElist Bug Report Logs: Coming updates for meltdown/spectre
Debian Bug report logs - #886532 Coming updates for meltdown/spectre Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Nigel Kukard <nkukard@lbsdnet> Date: Sun, 7 Jan 2018 12:15:02 UTC Severity: grave Fo ...
Amazon Linux 2: ALAS2-2018-1034
An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU) It could occur while reading VGA memory to update graphics display A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation(CVE-2017-13672) A memory leakage ...
Amazon Linux AMI: ALAS-2018-1034
An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU) It could occur while reading VGA memory to update graphics display A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation(CVE-2017-13672) A memory leakage ...
Red Hat: CVE-2017-15124
VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client If the client did not consume these updates, VNC server allocates growing memory to hold onto this data A malicious remote VNC client could use this flaw to cause ...

References

CWE-770https://bugzilla.redhat.com/show_bug.cgi?id=1525195https://usn.ubuntu.com/3575-1/https://access.redhat.com/errata/RHSA-2018:1104https://access.redhat.com/errata/RHSA-2018:0816https://access.redhat.com/errata/RHSA-2018:1113http://www.securityfocus.com/bid/102295https://www.debian.org/security/2018/dsa-4213https://access.redhat.com/errata/RHSA-2018:3062https://nvd.nist.govhttps://usn.ubuntu.com/3575-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook