Your submission was sent successfully! Close

CVE-2017-12809

Published: 23 August 2017

QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial
Released (1:2.5+dfsg-5ubuntu10.15)
zesty
Released (1:2.8+dfsg-3ubuntu2.4)
Patches:
upstream: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=4da97120d51a4383aa96d741a2b837f8c4bbcd0b
qemu-kvm
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist

upstream Needs triage

xenial Does not exist

zesty Does not exist