CVE-2017-7980
moderate-risk
Published 2017-07-25
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
Do I need to act?
-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
References (36)
Third Party Advisory
http://ubuntu.com/usn/usn-3289-1
Third Party Advisory
http://www.securityfocus.com/bid/102129
Third Party Advisory
http://www.securityfocus.com/bid/97955
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0980
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0981
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0982
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0983
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0984
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0988
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1205
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1206
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1430
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1441
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1430056
Third Party Advisory
https://support.citrix.com/article/CTX230138
Third Party Advisory
http://ubuntu.com/usn/usn-3289-1
and 16 more references
47
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
22/34 · High