CVE-2017-15268high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
References
http://www.securityfocus.com/bid/101277
https://access.redhat.com/errata/RHSA-2018:0816
https://access.redhat.com/errata/RHSA-2018:1104
https://bugs.launchpad.net/qemu/+bug/1718964
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
Details
Source: MITRE
Published: 2017-10-12
Updated: 2019-10-03
Type: CWE-772
Risk Information
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.10.0 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124947 | EulerOS Virtualization 3.0.1.0 : qemu (EulerOS-SA-2019-1444) | Nessus | Huawei Local Security Checks | high |
| 124908 | EulerOS Virtualization for ARM 64 3.0.1.0 : qemu-kvm (EulerOS-SA-2019-1405) | Nessus | Huawei Local Security Checks | high |
| 110865 | EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2018-1201) | Nessus | Huawei Local Security Checks | high |
| 110457 | Amazon Linux AMI : qemu-kvm (ALAS-2018-1034) (Spectre) | Nessus | Amazon Linux Local Security Checks | high |
| 110451 | Amazon Linux 2 : qemu-kvm (ALAS-2018-1034) (Spectre) | Nessus | Amazon Linux Local Security Checks | high |
| 110208 | Debian DSA-4213-1 : qemu - security update (Spectre) | Nessus | Debian Local Security Checks | critical |
| 110148 | EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2018-1144) | Nessus | Huawei Local Security Checks | high |
| 109511 | EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2018-1113) | Nessus | Huawei Local Security Checks | high |
| 109458 | Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20180410) | Nessus | Scientific Linux Local Security Checks | high |
| 109372 | CentOS 7 : qemu-kvm (CESA-2018:0816) | Nessus | CentOS Local Security Checks | high |
| 109106 | Oracle Linux 7 : qemu-kvm (ELSA-2018-0816) | Nessus | Oracle Linux Local Security Checks | high |
| 109070 | RHEL 7 : Virtualization (RHSA-2018:1104) | Nessus | Red Hat Local Security Checks | critical |
| 108986 | RHEL 7 : qemu-kvm (RHSA-2018:0816) | Nessus | Red Hat Local Security Checks | high |
| 107145 | Ubuntu 14.04 LTS / 16.04 LTS : qemu regression (USN-3575-2) | Nessus | Ubuntu Local Security Checks | critical |
| 106927 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : qemu vulnerabilities (USN-3575-1) | Nessus | Ubuntu Local Security Checks | critical |
| 105928 | Fedora 27 : 2:qemu (2017-8db9c497f9) | Nessus | Fedora Local Security Checks | high |
| 104446 | Fedora 26 : 2:qemu (2017-9149114fba) | Nessus | Fedora Local Security Checks | high |
| 104429 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1) | Nessus | SuSE Local Security Checks | high |
| 104424 | openSUSE Security Update : qemu (openSUSE-2017-1249) | Nessus | SuSE Local Security Checks | high |
| 104423 | openSUSE Security Update : qemu (openSUSE-2017-1248) | Nessus | SuSE Local Security Checks | high |
| 104376 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2924-1) | Nessus | SuSE Local Security Checks | high |