Package pve-qemu updated to version 2.9.1-alt0.M80P.4 for branch p8 in task 195942.

Published: 2017-12-01

BDU:2019-04122

Уязвимость компонента Virtio Vring эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References:

CVE-2017-17381

Published: 2017-12-07
Modified: 2024-11-21

CVE-2017-17381

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References:

[oss-security] 20171205 CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings
[oss-security] 20171205 CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings
102059
102059
[qemu-devel] 20171201 [PULL 6/7] virtio: check VirtQueue Vring object is set
[qemu-devel] 20171201 [PULL 6/7] virtio: check VirtQueue Vring object is set
USN-3575-1
USN-3575-1
DSA-4213
DSA-4213

Version: 2.1.0

Package pve-qemu update in p8 on 2017-12-07

ALT-PU-2017-2765-1

Closed vulnerabilities

BDU:2019-04122

CVE-2017-17381