5.5

CVE-2017-5973

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.8.1.1
DebianDebian Linux Version8.0
RedhatOpenstack Version6.0
RedhatOpenstack Version7.0
RedhatOpenstack Version8
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version11
RedhatVirtualization Version4.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.361
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://access.redhat.com/errata/RHSA-2017:2392
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2408
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Third Party Advisory
https://security.gentoo.org/glsa/201704-01
Third Party Advisory
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
http://www.openwall.com/lists/oss-security/2017/02/13/11
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96220
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1421626
Patch
Third Party Advisory
Issue Tracking
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
Patch
Third Party Advisory