Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Debian
  • Debian Linux
Qemu
  • Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
http://www.debian.org/security/2017/dsa-3991 Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/09/07/2 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/100694 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3368 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3369 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3466 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3470 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3471 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3472 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3473 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3474 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html Third Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html Mailing List Patch Third Party Advisory
https://usn.ubuntu.com/3575-1/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-08T18:00:00

Updated: 2018-09-07T09:57:01

Reserved: 2017-09-06T00:00:00

Link: CVE-2017-14167

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-09-08T18:29:00.297

Modified: 2020-11-16T20:21:11.367

Link: CVE-2017-14167

JSON object: View

cve-icon Redhat Information

No data.

CWE