CVE-2017-8379 — MEDIUM (6.5)

Q: How severe is CVE-2017-8379?

CVE-2017-8379 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8379?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Debian Debian Linux, Redhat Openstack.

Vulnerability Description

Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 2.9.1
Debian	Debian Linux	8.0
Redhat	Openstack	6.0

Related Weaknesses (CWE)

CWE-772

References

http://www.openwall.com/lists/oss-security/2017/05/03/2Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/98277Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing ListThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.htmlMailing ListPatchThird Party Advisory
https://security.gentoo.org/glsa/201706-03Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/05/03/2Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/98277Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing ListThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.htmlMailing ListPatchThird Party Advisory
https://security.gentoo.org/glsa/201706-03Third Party Advisory

FAQ

What is CVE-2017-8379?

CVE-2017-8379 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generatin...

How severe is CVE-2017-8379?

CVE-2017-8379 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8379?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Debian Debian Linux, Redhat Openstack.