suse · CVE-2017-2615

Quick triage

Priority: medium Published: 2021-05-30 13:50:16 UTC Updated: 2026-04-18 15:48:55 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-2615 severity moderate: SUSE including 952 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 1333 product×package rows across 69 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, … (69 product lines)): Fixed 1029, Known Affected 157, Known Not Affected 147.

Description:

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

cvelogic Threat Intelligence