

Published: 26 April 2017

** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."



CVSS 3 base score: 7.0


Package status (columns: Release, Status)

Package 1 (Launchpad, Ubuntu, Debian)
  precise   Does not exist
  trusty    Ignored
  upstream  Needs triage
  xenial    Ignored
  yakkety   Ignored
  zesty     Ignored

Package 2 (Launchpad, Ubuntu, Debian)
  precise   Ignored
  trusty    Does not exist
  upstream  Needs triage
  xenial    Does not exist
  yakkety   Does not exist
  zesty     Does not exist