Home

CVE-2017-15124

Description

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.684

Associated Vulnerability

VulnerabilityOS Platform
qemu security update(DSA-4213-1) qemu_2.8+dfsg-6+deb9u4_i386.debLinux
qemu security update(DSA-4213-1) qemu_2.8+dfsg-6+deb9u4_amd64.debLinux
Qemu-kvm security update (CESA-2018:0023) qemu-img-1.5.3-156.el7.x86_64.rpmLinux
Qemu-kvm security update (CESA-2018:0023) qemu-kvm-1.5.3-156.el7.x86_64.rpmLinux
Qemu-kvm security update (CESA-2018:0023) qemu-kvm-tools-1.5.3-156.el7.x86_64.rpmLinux
Qemu-kvm security update (CESA-2018:0023) qemu-kvm-common-1.5.3-156.el7.x86_64.rpmLinux
(RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-img-1.5.3-156.el7.x86_64.rpmLinux
(RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-kvm-1.5.3-156.el7.x86_64.rpmLinux
(RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-kvm-common-1.5.3-156.el7.x86_64.rpmLinux
(RHSA-2018:0816) Low: qemu-kvm security, bug fix, and enhancement update qemu-kvm-tools-1.5.3-156.el7.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-block-curl-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-block-curl-debuginfo-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-block-rbd-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-block-rbd-debuginfo-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-block-ssh-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-block-ssh-debuginfo-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-debugsource-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-guest-agent-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-guest-agent-debuginfo-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-ipxe-1.0.0-41.37.1.noarch.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-kvm-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-lang-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-seabios-1.9.1-41.37.1.noarch.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-sgabios-8-41.37.1.noarch.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-tools-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-tools-debuginfo-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-vgabios-1.9.1-41.37.1.noarch.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Desktop 12-SP2 ) qemu-x86-2.6.2-41.37.1.x86_64.rpmLinux
SUSE-SU-2018:0831-1(SUSE Linux Enterprise Server 12-SP2 ) qemu-x86-debuginfo-2.6.2-41.37.1.x86_64.rpmLinux
CVE-2017-15124NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234