Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-5579

Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

Published

2017-03-15T15:59:00.890

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	≤ 2.8.1.1	Yes
Application	qemu	qemu	2.9.0	Yes
Application	qemu	qemu	2.9.0	Yes
Application	qemu	qemu	2.9.0	Yes
Application	qemu	qemu	2.9.0	Yes
Application	qemu	qemu	2.9.0	Yes
Application	qemu	qemu	2.9.0	Yes
Operating System	debian	debian_linux	8.0	Yes

References

http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b ([email protected])
http://www.openwall.com/lists/oss-security/2017/01/24/8 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2017/01/25/3 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/95780 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:2392 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:2408 Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201702-28 Third Party Advisory ([email protected])
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/01/24/8 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/01/25/3 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95780 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2392 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201702-28 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)