CVE-2017-8284

Publication date 26 April 2017

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	17.04 zesty	Ignored
	16.10 yakkety	Ignored
	16.04 LTS xenial	Ignored
	14.04 LTS trusty	Ignored
	12.04 LTS precise	Not in release
qemu-kvm	17.04 zesty	Not in release
	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored

Notes

mdeslaur

upstream disputed this has a security impact. Ignoring.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=30663fd26c0307e414622c7a8607fbc04f92ec14

Severity score breakdown

Parameter	Value
Base score	7.0 · High
Attack vector	Local
Attack complexity	High
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Other references

https://www.cve.org/CVERecord?id=CVE-2017-8284