CVE-2017-8112

Advisory lineage Upstream: 0 Downstream: 11
Modified
Published: 02 May 2017, 14:00
Last modified:05 Aug 2024, 16:27

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.06% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 May 2017, 14:00
Published
Vulnerability first disclosed
05 Aug 2024, 16:27
Last Modified
Vulnerability information updated

Description

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • v2.0MEDIUMScore: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.06% Percentile: 18%

Techniques & Countermeasures

  • CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')

    The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Systems

  • debiandebian_linux

    8.0

  • qemuqemu

    ≤ 2.9.1

References (6)