CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

CVSS v3 5.5 MEDIUM
CVSS v2.0 9.0 HIGH

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Exploitability : 1.3 / Impact : 3.7

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0328.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0329.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0330.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0331.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0332.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0333.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0334.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0350.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0351.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0352.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0396.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0454.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/21/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/96378	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037870	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201703-07	Third Party Advisory
https://security.gentoo.org/glsa/201704-01	Third Party Advisory
https://support.citrix.com/article/CTX220771	Third Party Advisory
https://xenbits.xen.org/xsa/advisory-209.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0328.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0329.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0330.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0331.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0332.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0333.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0334.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0350.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0351.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0352.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0396.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0454.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/21/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/96378	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037870	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201703-07	Third Party Advisory
https://security.gentoo.org/glsa/201704-01	Third Party Advisory
https://support.citrix.com/article/CTX220771	Third Party Advisory
https://xenbits.xen.org/xsa/advisory-209.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:citrix:xenserver:6.0.2:::::::*
	cpe:2.3:a:citrix:xenserver:6.2.0:sp1::::::
	cpe:2.3:a:citrix:xenserver:6.5:sp1::::::
	cpe:2.3:a:citrix:xenserver:7.0:::::::*
	cpe:2.3:a:citrix:xenserver:7.1:::::::*
	cpe:2.3:a:redhat:openstack:5.0:::::::*
	cpe:2.3:a:redhat:openstack:6.0:::::::*
	cpe:2.3:a:redhat:openstack:7.0:::::::*
	cpe:2.3:a:redhat:openstack:8:::::::*
	cpe:2.3:a:redhat:openstack:9:::::::*
	cpe:2.3:a:redhat:openstack:10:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:xen:xen::::::::
	cpe:2.3:o:xen:xen:4.7.1:r1::::::
	cpe:2.3:o:xen:xen:4.7.1:r2::::::
	cpe:2.3:o:xen:xen:4.7.1:r3::::::
	cpe:2.3:o:xen:xen:4.7.1:r4::::::
	cpe:2.3:o:xen:xen:4.7.1:r5::::::
	cpe:2.3:o:xen:xen:4.7.1:r6::::::
	cpe:2.3:o:xen:xen:4.7.1:r7::::::

History

21 Nov 2024, 03:23

04 Aug 2021, 17:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:redhat:openstack:10.0:::::::* cpe:2.3:a:redhat:openstack:8.0:::::::* cpe:2.3:a:redhat:openstack:9.0:::::::*	cpe:2.3:a:redhat:openstack:10:::::::* cpe:2.3:a:redhat:openstack:8:::::::* cpe:2.3:a:redhat:openstack:9:::::::*

Information

Published : 2018-07-27 19:29

Updated : 2024-11-21 03:23

NVD link : CVE-2017-2620

Mitre link : CVE-2017-2620

CVE.ORG link : CVE-2017-2620

JSON object : View

Products Affected

redhat

enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_workstation
openstack
enterprise_linux_server_eus
enterprise_linux_desktop

xen

qemu

qemu

debian

debian_linux

citrix

xenserver

CWE

CWE-787

Out-of-bounds Write

CWE-125

Out-of-bounds Read

{"id": "CVE-2017-2620", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2018-07-27T19:29:00.330", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/21/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/96378", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1037870", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "source": "secalert@redhat.com"}, {"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201703-07", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201704-01", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://support.citrix.com/article/CTX220771", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://xenbits.xen.org/xsa/advisory-209.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2017/02/21/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/96378", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037870", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201703-07", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201704-01", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.citrix.com/article/CTX220771", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://xenbits.xen.org/xsa/advisory-209.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."}, {"lang": "es", "value": "Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de acceso fuera de l\u00edmites. El problema puede ocurrir al copiar datos VGA en cirrus_bitblt_cputovideo. Un usuario privilegiado dentro de guest podr\u00eda usar esta vulnerabilidad para bloquear el proceso de QEMU o potencialmente ejecutar c\u00f3digo arbitrario en el host con privilegios del proceso de QEMU."}], "lastModified": "2024-11-21T03:23:50.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10EE7DD6-EC30-4385-A028-E579F232BEFA", "versionEndExcluding": "2.8.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F"}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F"}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBCF6643-ACDE-4DDB-8B01-D952DDF8951E"}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376"}, {"criteria": "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5647AEA-DCE6-4950-A7EB-05465ECDDE16"}, {"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3"}, {"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA"}, {"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95"}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6"}, {"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B"}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"}, {"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E26BFEBF-36AE-4956-918E-0F3745F67103", "versionEndIncluding": "4.7.1"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28DC6689-C725-4A0D-B18F-F06C63F43AAA"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDDCD905-A9D3-4BF7-BC92-35886465241E"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADCF1B40-C3A8-4505-B8C9-2F2C7753BFC3"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E37280FF-ADAF-4829-9193-E1C203E1BE42"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0619169-9642-47F9-8F15-C5497E790CDE"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4ECE000-A99A-4ED4-B5E3-5162EC48CFB2"}, {"criteria": "cpe:2.3:o:xen:xen:4.7.1:r7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF50E3A9-19A3-4015-BF56-070833B5D2CE"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.5 /10