CVE-2017-7377

Published: Apr 10, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update

mailing-list

x_refsource_MLIST

[oss-security] 20170403 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create

mailing-list

x_refsource_MLIST

GLSA-201706-03

vendor-advisory

x_refsource_GENTOO

https://bugzilla.redhat.com/show_bug.cgi?id=1437871

x_refsource_CONFIRM

http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e

x_refsource_CONFIRM

[qemu-devel] 20170328 [PULL 1/2] 9pfs: fix file descriptor leak

mailing-list

x_refsource_MLIST

97319

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-7377

Description

Affected Products

References