CVE-2017-5987
Ubuntu Security Notice USN-3261-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
La función sdhci_sdma_transfer_multi_blocks en hw/sd/sdhci.c en QEMU (también conocida como Quick Emulator) permiten a usuarios privilegiados invitados locales OS provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de vectores que implican el registro de modo de transferencia durante la transferencia de múltiples bloques.
Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Jann Horn discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to access files on the host file system outside of the shared directory and possibly escalate their privileges. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-02-14 CVE Reserved
- 2017-03-20 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e | X_refsource_confirm | |
| http://www.securityfocus.com/bid/96263 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1421995 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/14/8 | 2023-11-07 | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201704-01 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | <= 2.8.1.1 Search vendor "Qemu" for product "Qemu" and version " <= 2.8.1.1" | - |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.9.0 Search vendor "Qemu" for product "Qemu" and version "2.9.0" | rc0 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.9.0 Search vendor "Qemu" for product "Qemu" and version "2.9.0" | rc1 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.9.0 Search vendor "Qemu" for product "Qemu" and version "2.9.0" | rc2 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.9.0 Search vendor "Qemu" for product "Qemu" and version "2.9.0" | rc3 |
Affected
| ||||||
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.9.0 Search vendor "Qemu" for product "Qemu" and version "2.9.0" | rc4 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||