CVE-2017-9524

Published: 06 July 2017

The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: qemu (Launchpad, Ubuntu, Debian)

Release: Upstream. Status: Needed
Release: Ubuntu 16.04 ESM (Xenial Xerus). Status: Not vulnerable (code not present)
Release: Ubuntu 14.04 ESM (Trusty Tahr). Status: Not vulnerable (code not present)

Patches:
Upstream: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af
Upstream: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=0c9390d978cbf61e8f16c9f580fa96b305c43568

Package: qemu-kvm (Launchpad, Ubuntu, Debian)

Release: Upstream. Status: Needed
Release: Ubuntu 16.04 ESM (Xenial Xerus). Status: Does not exist
Release: Ubuntu 14.04 ESM (Trusty Tahr). Status: Does not exist