CVE-2017-8379

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.

References

https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html

http://www.securityfocus.com/bid/98277

http://www.openwall.com/lists/oss-security/2017/05/03/2

https://security.gentoo.org/glsa/201706-03

https://access.redhat.com/errata/RHSA-2017:2408

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Details

Source: MITRE

Published: 2017-05-23

Updated: 2021-08-04

Type: CWE-772

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
144829EulerOS Virtualization 3.0.2.6 : qemu (EulerOS-SA-2021-1057)NessusHuawei Local Security Checks
critical
125585EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2019-1633)NessusHuawei Local Security Checks
critical
124947EulerOS Virtualization 3.0.1.0 : qemu (EulerOS-SA-2019-1444)NessusHuawei Local Security Checks
high
124908EulerOS Virtualization for ARM 64 3.0.1.0 : qemu-kvm (EulerOS-SA-2019-1405)NessusHuawei Local Security Checks
high
117351Debian DLA-1497-1 : qemu security update (Spectre)NessusDebian Local Security Checks
critical
104471SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)NessusSuSE Local Security Checks
critical
103342Fedora 25 : xen (2017-ed735463e3)NessusFedora Local Security Checks
high
102796Fedora 26 : xen (2017-b8fa8e1a13)NessusFedora Local Security Checks
high
102008Fedora 25 : 2:qemu (2017-f941184db1)NessusFedora Local Security Checks
critical
101758openSUSE Security Update : qemu (openSUSE-2017-822)NessusSuSE Local Security Checks
critical
101227SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1)NessusSuSE Local Security Checks
critical
100630GLSA-201706-03 : QEMU: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
100250Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : qemu vulnerabilities (USN-3289-1)NessusUbuntu Local Security Checks
high