Showing 1 - 3 of 3

CVE-2017-10806

Status Candidate

Overview

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.

Related Files

Ubuntu Security Notice USN-3414-2: Posted Sep 20, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3414-2 - USN-3414-1 fixed vulnerabilities in QEMU. The patch backport for CVE-2017-9375 was incomplete and caused a regression in the USB xHCI controller emulation support. This update fixes the problem. Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524; MD5 | 92172bfdd6366a35c975fa4e430d2218; Download | Favorite | Comments (0)

Ubuntu Security Notice USN-3414-1: Posted Sep 14, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3414-1 - Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2017-10664, CVE-2017-10806, CVE-2017-10911, CVE-2017-11434, CVE-2017-12809, CVE-2017-7493, CVE-2017-8112, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9503, CVE-2017-9524; MD5 | 0392d6964c9f9ee67e40b47efe84d6b0; Download | Favorite | Comments (0)

Debian Security Advisory 3925-1: Posted Aug 6, 2017; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3925-1 - Multiple vulnerabilities were found in qemu, a fast processor emulator.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2017-10806, CVE-2017-11334, CVE-2017-11443, CVE-2017-9524; MD5 | 891c5fec85e89b062c30730376dc45e2; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Red Hat 63 files
Ubuntu 36 files
Google Security Research 27 files
Debian 27 files
Gentoo 23 files
Todor Donev 15 files
Sureshbabu Narvaneni 10 files
mjurczyk 9 files
Apple 7 files
ManhNho 6 files

File Archives

Systems

AIX (409)
Apple (1,539)
BSD (333)
Cisco (1,807)
Debian (5,484)
Fedora (1,679)
FreeBSD (1,193)
Gentoo (3,561)
HPUX (865)
iOS (171)
iPhone (103)
IRIX (219)
Juniper (66)
Linux (33,202)
Mac OS X (652)
Mandriva (3,105)
NetBSD (254)
OpenBSD (455)
RedHat (6,396)
Slackware (814)
Solaris (1,569)
SUSE (1,444)
Ubuntu (5,582)
UNIX (8,256)
UnixWare (172)
Windows (5,319)
Other