Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C
Vendors Products
Redhat
  • Openstack
Debian
  • Debian Linux
Qemu
  • Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
References
Link Resource
http://www.openwall.com/lists/oss-security/2017/05/03/2 Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/98277 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2408 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html Mailing List Patch Third Party Advisory
https://security.gentoo.org/glsa/201706-03 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-23T03:56:00

Updated: 2018-09-07T09:57:01

Reserved: 2017-04-30T00:00:00

Link: CVE-2017-8379

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-05-23T04:29:02.180

Modified: 2021-08-04T17:15:35.690

Link: CVE-2017-8379

JSON object: View

cve-icon Redhat Information

No data.

CWE