Oval Definition:	oval:com.ubuntu.cosmic:def:20172620000
Revision Date: 2018-07-27 Version: 1 Title: CVE-2017-2620 on Ubuntu 18.10 (cosmic) - medium. Description: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Family: unix Class: vulnerability Status: Reference(s): CVE-2017-2620 Platform(s): Ubuntu 18.10 Product(s): Definition Synopsis Ubuntu 18.10 (cosmic) is installed. AND Package Information NOT While related to the CVE in some way, the 'qemu' package in cosmic is not affected (note: '1:2.8+dfsg-3ubuntu2'). OR NOT While related to the CVE in some way, the 'xen' package in cosmic is not affected (note: 'uses system qemu').
BACK