Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-17381

Published: 6 December 2017

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

Notes

AuthorNote
mdeslaur
trusty doesn't look affected

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
artful
Released (1:2.10+dfsg-0ubuntu3.5)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Needs triage

xenial
Released (1:2.5+dfsg-5ubuntu10.22)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=758ead31c7e17bf17a9ef2e0ca1c3e86ab296b43
qemu-kvm
Launchpad, Ubuntu, Debian
artful Does not exist

precise Not vulnerable
(code not present)
trusty Does not exist

upstream Needs triage

xenial Does not exist

zesty Does not exist