Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2017-6505

Published: 15/03/2017 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Qemu

Vulnerability Summary

The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) prior to 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

Vendor Advisories

Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Ubuntu Security Notice: qemu vulnerabilities
Several security issues were fixed in QEMU ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-6505: infinite loop issue in ohci_service_ed_list
Debian Bug report logs - #856969 qemu: CVE-2017-6505: infinite loop issue in ohci_service_ed_list Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 6 Mar 2017 18:51:01 UTC Severity: normal Tags: pa ...
Debian CVElist Bug Report Logs: qemu: CVE-2017-7377
Debian Bug report logs - #859854 qemu: CVE-2017-7377 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Apr 2017 19:48:02 UTC Severity: important Tags: fixed-upstream, patch, security, upstream F ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection
Debian Bug report logs - #857744 qemu: CVE-2016-9603: cirrus: heap buffer overflow via vnc connection Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 14 Mar 2017 16:15:01 UTC Severity: grave Tags: ...
Debian CVElist Bug Report Logs: qemu: CVE-2016-8667: dma: rc4030 divide by zero error in set_next_tick
Debian Bug report logs - #840950 qemu: CVE-2016-8667: dma: rc4030 divide by zero error in set_next_tick Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Oct 2016 12:21:02 UTC Severity: normal Ta ...
Red Hat: CVE-2017-6505
The ohci_service_ed_list function in hw/usb/hcd-ohcic in QEMU (aka Quick Emulator) before 290 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330 ...

References

CWE-835https://bugzilla.redhat.com/show_bug.cgi?id=1429432http://www.openwall.com/lists/oss-security/2017/03/06/6http://www.securityfocus.com/bid/96611https://security.gentoo.org/glsa/201704-01https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlhttp://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fbhttps://nvd.nist.govhttps://usn.ubuntu.com/3268-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333CVE-2024-33901CVE-2024-36001CVE-2024-2835firewallXPath injectionauthentication bypassCVE-2024-22120CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook