5.5

CVE-2017-5987

The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.

Data is provided by the National Vulnerability Database (NVD)
QemuQemu Version <= 2.8.1.1
QemuQemu Version2.9.0 Updaterc0
QemuQemu Version2.9.0 Updaterc1
QemuQemu Version2.9.0 Updaterc2
QemuQemu Version2.9.0 Updaterc3
QemuQemu Version2.9.0 Updaterc4
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.172
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://www.openwall.com/lists/oss-security/2017/02/14/8
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96263
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1421995
Third Party Advisory
Issue Tracking