CVE-2017-10664

high

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

References

https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html

https://bugzilla.redhat.com/show_bug.cgi?id=1466190

http://www.securityfocus.com/bid/99513

http://www.openwall.com/lists/oss-security/2017/06/29/1

http://www.debian.org/security/2017/dsa-3920

https://access.redhat.com/errata/RHSA-2017:3474

https://access.redhat.com/errata/RHSA-2017:3473

https://access.redhat.com/errata/RHSA-2017:3472

https://access.redhat.com/errata/RHSA-2017:3471

https://access.redhat.com/errata/RHSA-2017:3470

https://access.redhat.com/errata/RHSA-2017:3466

https://access.redhat.com/errata/RHSA-2017:2445

https://access.redhat.com/errata/RHSA-2017:2390

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

Details

Source: MITRE

Published: 2017-08-02

Updated: 2021-08-04

Type: NVD-CWE-noinfo

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.9.1 (inclusive)

Configuration 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3

AND

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

ID	Name	Product	Family	Severity
136276	EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1573)	Nessus	Huawei Local Security Checks	critical
119310	Debian DLA-1599-1 : qemu security update	Nessus	Debian Local Security Checks	critical
105929	Fedora 27 : xen (2017-908f063bb6)	Nessus	Fedora Local Security Checks	high
104780	SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)	Nessus	SuSE Local Security Checks	critical
104649	SUSE SLES12 Security Update : xen (SUSE-SU-2017:2327-2)	Nessus	SuSE Local Security Checks	high
104495	SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1)	Nessus	SuSE Local Security Checks	critical
104494	SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1)	Nessus	SuSE Local Security Checks	critical
104471	SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)	Nessus	SuSE Local Security Checks	critical
104429	SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1)	Nessus	SuSE Local Security Checks	high
104424	openSUSE Security Update : qemu (openSUSE-2017-1249)	Nessus	SuSE Local Security Checks	high
103412	SUSE SLES12 Security Update : xen (SUSE-SU-2017:2541-1)	Nessus	SuSE Local Security Checks	high
103372	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu regression (USN-3414-2)	Nessus	Ubuntu Local Security Checks	critical
103342	Fedora 25 : xen (2017-ed735463e3)	Nessus	Fedora Local Security Checks	high
103292	openSUSE Security Update : qemu (openSUSE-2017-1072)	Nessus	SuSE Local Security Checks	high
103217	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : qemu vulnerabilities (USN-3414-1)	Nessus	Ubuntu Local Security Checks	critical
103216	SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)	Nessus	SuSE Local Security Checks	high
103159	openSUSE Security Update : xen (openSUSE-2017-1023)	Nessus	SuSE Local Security Checks	high
103158	openSUSE Security Update : xen (openSUSE-2017-1022)	Nessus	SuSE Local Security Checks	critical
103120	SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2416-1)	Nessus	SuSE Local Security Checks	high
103082	EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1224)	Nessus	Huawei Local Security Checks	high
103081	EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2017-1223)	Nessus	Huawei Local Security Checks	high
102954	SUSE SLES11 Security Update : xen (SUSE-SU-2017:2339-1)	Nessus	SuSE Local Security Checks	high
102953	SUSE SLED12 Security Update : xen (SUSE-SU-2017:2327-1)	Nessus	SuSE Local Security Checks	high
102952	SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2017:2326-1)	Nessus	SuSE Local Security Checks	critical
102938	Fedora 26 : xen (2017-b7f1197c23)	Nessus	Fedora Local Security Checks	high
102913	SUSE SLES12 Security Update : xen (SUSE-SU-2017:2319-1)	Nessus	SuSE Local Security Checks	high
102805	Debian DLA-1071-1 : qemu-kvm security update	Nessus	Debian Local Security Checks	high
102804	Debian DLA-1070-1 : qemu security update	Nessus	Debian Local Security Checks	high
102763	CentOS 7 : qemu-kvm (CESA-2017:2445)	Nessus	CentOS Local Security Checks	high
102671	Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20170815)	Nessus	Scientific Linux Local Security Checks	high
102347	Oracle Linux 7 : qemu-kvm (ELSA-2017-2445)	Nessus	Oracle Linux Local Security Checks	high
102306	RHEL 7 : qemu-kvm (RHSA-2017:2445)	Nessus	Red Hat Local Security Checks	high
102157	RHEL 7 : qemu-kvm-rhev (RHSA-2017:2390)	Nessus	Red Hat Local Security Checks	high
101985	Debian DSA-3920-1 : qemu - security update	Nessus	Debian Local Security Checks	high

CVE-2017-10664

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Tenable Plugins

critical

critical

high

critical

high

critical

critical

critical

high

high

high

critical

high

high

critical

high

high

critical

high

high

high

high

high

critical

high

high

high

high

high

high

high

high

high

high