CVE-2017-15124

CVE Details

Release Date:2018-01-09

Description


VNC server implementation in Quick Emulator (QEMU) 2.11.0 and olderwas found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

See more information about CVE-2017-15124 from MITRE CVE dictionary and NIST NVD


Notes



CVSS v2 metrics


NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score: Base Metrics:
Access Vector: Undefined Confidentiality Impact: Undefined
Access Impact: Undefined Integrity Impact: Undefined
Authentication: Undefined Availability Impact: Undefined

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (qemu)ELSA-2018-42852018-11-20
Oracle Linux version 7 (qemu)ELSA-2018-42892018-11-28
Oracle Linux version 7 (qemu-kvm)ELSA-2018-08162018-04-16



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete