Vulnerability Description
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | <= 2.8.1.1 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4a
- http://www.openwall.com/lists/oss-security/2017/01/18/1Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/01/18/8Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/95669Third Party AdvisoryVDB Entry
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlThird Party Advisory
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4a
- http://www.openwall.com/lists/oss-security/2017/01/18/1Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/01/18/8Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/95669Third Party AdvisoryVDB Entry
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlThird Party Advisory
FAQ
What is CVE-2017-5526?
CVE-2017-5526 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of...
How severe is CVE-2017-5526?
CVE-2017-5526 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5526?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Debian Debian Linux.