[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2017:0625-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":44,"duplicates":45,"related":46,"reserved_at":9,"published_at":62,"modified_at":63,"state":9,"summary":64,"references_raw":66,"kevs":211,"epss":9,"epss_history":212,"metrics":213,"affected":214},"SUSE-SU-2017:0625-1","Security update for qemu\n\n\nThis update for qemu fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907).\n- CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073).\n- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972)\n- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)\n- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053)\n- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. 
A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)\n- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside the guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)\n- CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in DoS (bsc#1017081).\n- CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084).\n- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)\n- CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195).\n- CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481).\n- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589).\n- CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491).\n- CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially 
execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541).\n- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)\n\nThese non-security issues were fixed:\n\n- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)\n- XHCI fixes (bsc#977027)\n- Fixed rare race during s390x guest reboot\n- Fixed various inaccuracies in cirrus vga device emulation\n- Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928)\n- Fixed graphical update errors introduced by previous security fix (bsc#1016779)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42],{"_key":15},"CVE-2016-10028",{"_key":17},"CVE-2016-10029",{"_key":19},"CVE-2016-10155",{"_key":21},"CVE-2016-9921",{"_key":23},"CVE-2016-9922",{"_key":25},"CVE-2017-2615",{"_key":27},"CVE-2017-2620",{"_key":29},"CVE-2017-5525",{"_key":31},"CVE-2017-5526",{"_key":33},"CVE-2017-5552",{"_key":35},"CVE-2017-5578",{"_key":37},"CVE-2017-5667",{"_key":39},"CVE-2017-5856",{"_key":41},"CVE-2017-5857",{"_key":43},"CVE-2017-5898",[],[],[47,48,49,50,51,52,53,54,55,56,57,58,59,60,61],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},"2017-03-07T12:59:04Z","2026-02-04T03:48:50.673393Z",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[67,73,78,82,86,90,94,98,102,106,110,114,118,122,126,130,134,138,142,146,150,155,159,163,167,171,175,179,183,187,191,195,199,203,207],{"url":68,"sources":69,"tags":71},"https://www.suse.com/support/update/announcement/2017/suse-su-20170625-1/",[70],"osv_suse",[72],"Advisory",{"url":74,"sources":75,"tag
s":76},"https://bugzilla.suse.com/1014702",[70],[77],"REPORT",{"url":79,"sources":80,"tags":81},"https://bugzilla.suse.com/1015169",[70],[77],{"url":83,"sources":84,"tags":85},"https://bugzilla.suse.com/1016779",[70],[77],{"url":87,"sources":88,"tags":89},"https://bugzilla.suse.com/1017081",[70],[77],{"url":91,"sources":92,"tags":93},"https://bugzilla.suse.com/1017084",[70],[77],{"url":95,"sources":96,"tags":97},"https://bugzilla.suse.com/1020491",[70],[77],{"url":99,"sources":100,"tags":101},"https://bugzilla.suse.com/1020589",[70],[77],{"url":103,"sources":104,"tags":105},"https://bugzilla.suse.com/1020928",[70],[77],{"url":107,"sources":108,"tags":109},"https://bugzilla.suse.com/1021129",[70],[77],{"url":111,"sources":112,"tags":113},"https://bugzilla.suse.com/1021195",[70],[77],{"url":115,"sources":116,"tags":117},"https://bugzilla.suse.com/1021481",[70],[77],{"url":119,"sources":120,"tags":121},"https://bugzilla.suse.com/1022541",[70],[77],{"url":123,"sources":124,"tags":125},"https://bugzilla.suse.com/1023004",[70],[77],{"url":127,"sources":128,"tags":129},"https://bugzilla.suse.com/1023053",[70],[77],{"url":131,"sources":132,"tags":133},"https://bugzilla.suse.com/1023073",[70],[77],{"url":135,"sources":136,"tags":137},"https://bugzilla.suse.com/1023907",[70],[77],{"url":139,"sources":140,"tags":141},"https://bugzilla.suse.com/1024972",[70],[77],{"url":143,"sources":144,"tags":145},"https://bugzilla.suse.com/1026583",[70],[77],{"url":147,"sources":148,"tags":149},"https://bugzilla.suse.com/977027",[70],[77],{"url":151,"sources":152,"tags":153},"https://www.suse.com/security/cve/CVE-2016-10028",[70],[154],"WEB",{"url":156,"sources":157,"tags":158},"https://www.suse.com/security/cve/CVE-2016-10029",[70],[154],{"url":160,"sources":161,"tags":162},"https://www.suse.com/security/cve/CVE-2016-10155",[70],[154],{"url":164,"sources":165,"tags":166},"https://www.suse.com/security/cve/CVE-2016-9921",[70],[154],{"url":168,"sources":169,"tags":170},"https://www.suse.com/s
ecurity/cve/CVE-2016-9922",[70],[154],{"url":172,"sources":173,"tags":174},"https://www.suse.com/security/cve/CVE-2017-2615",[70],[154],{"url":176,"sources":177,"tags":178},"https://www.suse.com/security/cve/CVE-2017-2620",[70],[154],{"url":180,"sources":181,"tags":182},"https://www.suse.com/security/cve/CVE-2017-5525",[70],[154],{"url":184,"sources":185,"tags":186},"https://www.suse.com/security/cve/CVE-2017-5526",[70],[154],{"url":188,"sources":189,"tags":190},"https://www.suse.com/security/cve/CVE-2017-5552",[70],[154],{"url":192,"sources":193,"tags":194},"https://www.suse.com/security/cve/CVE-2017-5578",[70],[154],{"url":196,"sources":197,"tags":198},"https://www.suse.com/security/cve/CVE-2017-5667",[70],[154],{"url":200,"sources":201,"tags":202},"https://www.suse.com/security/cve/CVE-2017-5856",[70],[154],{"url":204,"sources":205,"tags":206},"https://www.suse.com/security/cve/CVE-2017-5857",[70],[154],{"url":208,"sources":209,"tags":210},"https://www.suse.com/security/cve/CVE-2017-5898",[70],[154],[],[],[],[215,228,232,236],{"ecosystem":216,"name":217,"vendor":218,"product":219,"cpe_part":9,"purl_type":220,"purl_namespace":218,"purl_name":219,"source":9,"versions":221},"SUSE Linux Enterprise","qemu","suse","qemu&distro=SUSE Linux Enterprise Desktop 12 SP2","rpm",[222],{"version":223,"is_range":224,"range_type":225,"version_start":9,"version_start_type":9,"version_end":226,"version_end_type":227,"fixed_in":9},"lt2_6_2_41_9_1",true,"ecosystem","2.6.2-41.9.1","excluding",{"ecosystem":216,"name":217,"vendor":218,"product":229,"cpe_part":9,"purl_type":220,"purl_namespace":218,"purl_name":229,"source":9,"versions":230},"qemu&distro=SUSE Linux Enterprise Server 12 
SP2",[231],{"version":223,"is_range":224,"range_type":225,"version_start":9,"version_start_type":9,"version_end":226,"version_end_type":227,"fixed_in":9},{"ecosystem":216,"name":217,"vendor":218,"product":233,"cpe_part":9,"purl_type":220,"purl_namespace":218,"purl_name":233,"source":9,"versions":234},"qemu&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",[235],{"version":223,"is_range":224,"range_type":225,"version_start":9,"version_start_type":9,"version_end":226,"version_end_type":227,"fixed_in":9},{"ecosystem":216,"name":217,"vendor":218,"product":237,"cpe_part":9,"purl_type":220,"purl_namespace":218,"purl_name":237,"source":9,"versions":238},"qemu&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2",[239],{"version":223,"is_range":224,"range_type":225,"version_start":9,"version_start_type":9,"version_end":226,"version_end_type":227,"fixed_in":9}]