CVE-2017-9060

Published: 1 June 2017

Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Not vulnerable (code not present)
	upstream	Needed
	xenial	Not vulnerable (code not present)
	yakkety	Ignored (reached end-of-life)
	zesty	Released (1:2.8+dfsg-3ubuntu2.4)
qemu-kvm Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Needed
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9060
https://ubuntu.com/security/notices/USN-3414-1
NVD
Launchpad
Debian

Bugs

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›