CVE-2017-11334

LOW

Description

The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.

References

http://www.debian.org/security/2017/dsa-3925

http://www.openwall.com/lists/oss-security/2017/07/17/4

http://www.securityfocus.com/bid/99895

https://access.redhat.com/errata/RHSA-2017:3369

https://access.redhat.com/errata/RHSA-2017:3466

https://access.redhat.com/errata/RHSA-2017:3470

https://access.redhat.com/errata/RHSA-2017:3471

https://access.redhat.com/errata/RHSA-2017:3472

https://access.redhat.com/errata/RHSA-2017:3473

https://access.redhat.com/errata/RHSA-2017:3474

https://bugzilla.redhat.com/show_bug.cgi?id=1471638

https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html

https://usn.ubuntu.com/3575-1/

Details

Source: MITRE

Published: 2017-08-02

Updated: 2020-11-10

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 4.4

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 0.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.9.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
108369SUSE SLES11 Security Update : xen (SUSE-SU-2018:0678-1) (Meltdown) (Spectre)NessusSuSE Local Security Checks
high
107145Ubuntu 14.04 LTS / 16.04 LTS : qemu regression (USN-3575-2)NessusUbuntu Local Security Checks
high
106927Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : qemu vulnerabilities (USN-3575-1)NessusUbuntu Local Security Checks
high
105929Fedora 27 : xen (2017-908f063bb6)NessusFedora Local Security Checks
medium
104987RHEL 7 : qemu-kvm-rhev (RHSA-2017:3369)NessusRed Hat Local Security Checks
high
104780SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1)NessusSuSE Local Security Checks
high
104495SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1)NessusSuSE Local Security Checks
high
104494SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1)NessusSuSE Local Security Checks
high
104471SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)NessusSuSE Local Security Checks
high
104429SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1)NessusSuSE Local Security Checks
high
104424openSUSE Security Update : qemu (openSUSE-2017-1249)NessusSuSE Local Security Checks
high
103412SUSE SLES12 Security Update : xen (SUSE-SU-2017:2541-1)NessusSuSE Local Security Checks
high
103292openSUSE Security Update : qemu (openSUSE-2017-1072)NessusSuSE Local Security Checks
medium
103216SUSE SLES11 Security Update : xen (SUSE-SU-2017:2450-1)NessusSuSE Local Security Checks
high
103120SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2416-1)NessusSuSE Local Security Checks
medium
102954SUSE SLES11 Security Update : xen (SUSE-SU-2017:2339-1)NessusSuSE Local Security Checks
high
102938Fedora 26 : xen (2017-b7f1197c23)NessusFedora Local Security Checks
medium
102913SUSE SLES12 Security Update : xen (SUSE-SU-2017:2319-1)NessusSuSE Local Security Checks
high
102209Debian DSA-3925-1 : qemu - security updateNessusDebian Local Security Checks
medium