Published: 02/05/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 2.9.0
qemu qemu
debian debian linux 8.0

Several security issues were fixed in QEMU ...

Debian Bug report logs - #860785 qemu: CVE-2017-7471: 9p: virtfs allows guest to change filesystem attributes on host Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Apr 2017 05:18:02 UTC Sever ...

Debian Bug report logs - #861348 qemu: CVE-2017-8086: 9pfs: host memory leakage via v9pfs_list_xattr Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Apr 2017 19:45:02 UTC Severity: normal Tags: ...

Debian Bug report logs - #861351 qemu: CVE-2017-8112: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Apr 2017 20:09:01 UTC Severity: normal Tags ...

Debian Bug report logs - #862289 qemu: CVE-2017-8379: host memory lekage via keyboard events Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 10 May 2017 16:45:01 UTC Severity: minor Tags: patch, s ...

Debian Bug report logs - #862282 qemu: CVE-2017-8380: scsi: megasas: out-of-bounds read in megasas_mmio_write Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 10 May 2017 15:09:04 UTC Severity: nor ...

Debian Bug report logs - #862280 qemu: CVE-2017-8309: audio: host memory leakage via capture buffer Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 10 May 2017 14:57:04 UTC Severity: minor Tags: f ...

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattrc in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable ...

CWE-772 https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html https://bugzilla.redhat.com/show_bug.cgi?id=1444781 http://www.securityfocus.com/bid/98012 http://www.openwall.com/lists/oss-security/2017/04/25/5 https://security.gentoo.org/glsa/201706-03 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 https://usn.ubuntu.com/3289-1/https://nvd.nist.gov

CVE-2017-8086

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect