Security Bulletin
Summary
Multiple vulnerabilities have been identified in qemu-kvm and libguestfs, which are shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities.
Vulnerability Details
CVEID: CVE-2016-9603
DESCRIPTION: Xen is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the CIRRUS VGA emulator. By resizing the display refresh to be larger than before, a local authenticated attacker could overflow a buffer and execute arbitrary code on the host system with elevated privileges.
CVSS Base Score: 8.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123183 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2017-2633
DESCRIPTION: QEMU is vulnerable to a denial of service, caused by an out-of-bounds memory access error in VNC display driver support while refreshing the VNC display surface area in 'vnc_refresh_server_surface'. A remote attacker from within the local network could exploit this vulnerability to corrupt memory and crash the QEMU process.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L)
CVEID: CVE-2017-7718
DESCRIPTION: QEMU (aka Quick Emulator) is vulnerable to a denial of service, caused by an out-of-bounds read flaw in hw/display/cirrus_vga_rop.h. By using vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-7980
DESCRIPTION: QEMU, built with the Cirrus CLGD 54xx VGA Emulator support, could allow a remote attacker from within the local network to execute arbitrary code on the system, caused by an out-of-bounds read and write access issue while copying VGA data using multiple bitblt functions. An attacker could exploit this vulnerability to execute arbitrary code on the host with elevated privileges.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125934 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
CVEID: CVE-2015-8869
DESCRIPTION: OCaml is vulnerable to a buffer overflow, caused by improper bounds checking by the caml_bit_string function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112826 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM SmartCloud Entry Appliance 3.1.0 through 3.1.0.4 fix pack 25,
IBM SmartCloud Entry Appliance 3.2.0 through 3.2.0.4 fix pack 25
Remediation/Fixes
| Product | VRMF | APAR | Remediation/First Fix |
| IBM SmartCloud Entry | 3.1 | None | IBM SmartCloud Entry Appliance 3.1.0.4 fix pack 26: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP26&source=SAR |
| IBM SmartCloud Entry | 3.2 | None | IBM SmartCloud Entry Appliance 3.2.0.4 fix pack 26: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP26&source=SAR |
Workarounds and Mitigations
None
References
Acknowledgement
None
Change History
< 27 July 2017 >: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date:
18 July 2020
UID
isg3T1025529