CVE-2017-6505 - OpenCVE

The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
http://www.openwall.com/lists/oss-security/2017/03/06/6	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/96611	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1429432	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
https://security.gentoo.org/glsa/201704-01	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-15T14:00:00

Updated: 2018-09-07T09:57:01

Reserved: 2017-03-06T00:00:00

Link: CVE-2017-6505

JSON object: View

NVD Information

Status : Modified

Published: 2017-03-15T14:59:01.150

Modified: 2023-11-07T02:49:56.220

Link: CVE-2017-6505

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-06T00:00:00", "descriptions": [{"lang": "en", "value": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432"}, {"name": "GLSA-201704-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201704-01"}, {"name": "96611", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96611"}, {"name": "[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/03/06/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6505", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb", "refsource": "CONFIRM", "url": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432"}, {"name": "GLSA-201704-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201704-01"}, {"name": "96611", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96611"}, {"name": "[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/03/06/6"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6505", "datePublished": "2017-03-15T14:00:00", "dateReserved": "2017-03-06T00:00:00", "dateUpdated": "2018-09-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909", "versionEndIncluding": "2.8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330."}, {"lang": "es", "value": "La funci\u00f3n ohci_service_ed_list en hw/usb/hcd-ohci.c en QEMU (tambi\u00e9n conocido como Quick Emulator) en versiones anteriores a la 2.9.0 permite que los usuarios locales del sistema operativo invitado provoquen una denegaci\u00f3n de servicio (bucle infinito) mediante vectores que involucran el n\u00famero de descriptores de la lista de endpoints de enlace. Esta es una vulnerabilidad diferente de CVE-2017-9330."}], "id": "CVE-2017-6505", "lastModified": "2023-11-07T02:49:56.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-15T14:59:01.150", "references": [{"source": "cve@mitre.org", "url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/03/06/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96611"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201704-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}