CVE-2017-14167

Published: Sep 8, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

100694

vdb-entry

x_refsource_BID

RHSA-2017:3473

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update

mailing-list

x_refsource_MLIST

DSA-3991

vendor-advisory

x_refsource_DEBIAN

RHSA-2017:3470

vendor-advisory

x_refsource_REDHAT

RHSA-2017:3472

vendor-advisory

x_refsource_REDHAT

RHSA-2017:3474

vendor-advisory

x_refsource_REDHAT

USN-3575-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image

mailing-list

x_refsource_MLIST

RHSA-2017:3471

vendor-advisory

x_refsource_REDHAT

RHSA-2017:3368

vendor-advisory

x_refsource_REDHAT

RHSA-2017:3466

vendor-advisory

x_refsource_REDHAT

[qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values

mailing-list

x_refsource_MLIST

RHSA-2017:3369

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-14167

Description

Affected Products

References