5.5

CVE-2017-5973

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.8.1.1
DebianDebian Linux Version8.0
RedhatOpenstack Version6.0
RedhatOpenstack Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
RedhatVirtualization Version4.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.27
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://www.openwall.com/lists/oss-security/2017/02/13/11
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96220
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1421626
Patch
Third Party Advisory
Issue Tracking