CVE-2017-7377

Published: 10 April 2017

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.

Notes

Author	Note
tyhicks	A privileged user in the guest can leak host memory Affected code is in hw/9pfs/virtio-9p.c in older releases

Priority

Cvss 3 Severity Score

6.0

Score breakdown

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	artful	Released (1:2.8+dfsg-3ubuntu3)
	bionic	Released (1:2.8+dfsg-3ubuntu3)
	cosmic	Released (1:2.8+dfsg-3ubuntu3)
	disco	Released (1:2.8+dfsg-3ubuntu3)
	eoan	Released (1:2.8+dfsg-3ubuntu3)
	focal	Released (1:2.8+dfsg-3ubuntu3)
	groovy	Released (1:2.8+dfsg-3ubuntu3)
	hirsute	Released (1:2.8+dfsg-3ubuntu3)
	precise	Does not exist
	trusty	Released (2.0.0+dfsg-2ubuntu1.34)
	upstream	Needed
	xenial	Released (1:2.5+dfsg-5ubuntu10.14)
	yakkety	Released (1:2.6.1+dfsg-0ubuntu5.5)
	zesty	Released (1:2.8+dfsg-3ubuntu2.2)
	Patches: upstream: http://git.qemu-project.org/?p=qemu.git;a=commit;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
qemu-kvm Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hirsute	Does not exist
	precise	Ignored (end of life)
	trusty	Does not exist
	upstream	Needed
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

Severity score breakdown

Parameter	Value
Base score	6.0
Attack vector	Local
Attack complexity	Low
Privileges required	High
User interaction	None
Scope	Changed
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›