[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-USN-3414-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":66,"duplicates":67,"related":68,"reserved_at":9,"published_at":82,"modified_at":83,"state":9,"summary":84,"references_raw":86,"kevs":158,"epss":9,"epss_history":159,"metrics":160,"affected":161},"USN-3414-1","qemu vulnerabilities\n\nLeo Gaspard discovered that QEMU incorrectly handled VirtFS access control.\nA guest attacker could use this issue to elevate privileges inside the\nguest. (CVE-2017-7493)\n\nLi Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation.\nA privileged attacker inside the guest could use this issue to cause QEMU\nto consume resources or crash, resulting in a denial of service.\n(CVE-2017-8112)\n\nIt was discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2 Host\nBus Adapter emulation support. A privileged attacker inside the guest could\nuse this issue to cause QEMU to crash, resulting in a denial of service, or\npossibly to obtain sensitive host memory. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 17.04. (CVE-2017-8380)\n\nLi Qiang discovered that QEMU incorrectly handled the Virtio GPU device. An\nattacker inside the guest could use this issue to cause QEMU to consume\nresources and crash, resulting in a denial of service. This issue only\naffected Ubuntu 17.04. (CVE-2017-9060)\n\nLi Qiang discovered that QEMU incorrectly handled the e1000e device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\nhang, resulting in a denial of service. This issue only affected Ubuntu\n17.04. (CVE-2017-9310)\n\nLi Qiang discovered that QEMU incorrectly handled USB OHCI emulation\nsupport. An attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. (CVE-2017-9330)\n\nLi Qiang discovered that QEMU incorrectly handled IDE AHCI emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources and crash, resulting in a denial of\nservice. (CVE-2017-9373)\n\nLi Qiang discovered that QEMU incorrectly handled USB EHCI emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to consume resources and crash, resulting in a denial of\nservice. (CVE-2017-9374)\n\nLi Qiang discovered that QEMU incorrectly handled USB xHCI emulation\nsupport. A privileged attacker inside the guest could use this issue to\ncause QEMU to hang, resulting in a denial of service. (CVE-2017-9375)\n\nZhangyanyu discovered that QEMU incorrectly handled MegaRAID SAS 8708EM2\nHost Bus Adapter emulation support. A privileged attacker inside the guest\ncould use this issue to cause QEMU to crash, resulting in a denial of\nservice. (CVE-2017-9503)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled\ninitialization. A remote attacker could use this issue to cause the server\nto crash, resulting in a denial of service. (CVE-2017-9524)\n\nIt was discovered that the QEMU qemu-nbd server incorrectly handled\nsignals. A remote attacker could use this issue to cause the server to\ncrash, resulting in a denial of service. (CVE-2017-10664)\n\nLi Qiang discovered that the QEMU USB redirector incorrectly handled\nlogging debug messages. An attacker inside the guest could use this issue\nto cause QEMU to crash, resulting in a denial of service. (CVE-2017-10806)\n\nAnthony Perard discovered that QEMU incorrectly handled Xen block-interface\nresponses. An attacker inside the guest could use this issue to cause QEMU\nto leak contents of host memory. (CVE-2017-10911)\n\nReno Robert discovered that QEMU incorrectly handled certain DHCP options\nstrings. An attacker inside the guest could use this issue to cause QEMU\nto crash, resulting in a denial of service. (CVE-2017-11434)\n\nRyan Salsamendi discovered that QEMU incorrectly handled empty CDROM device\ndrives. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. This issue only\naffected Ubuntu 16.04 LTS and Ubuntu 17.04. (CVE-2017-12809)\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64],{"_key":15},"CVE-2017-10664",{"_key":17},"CVE-2017-10806",{"_key":19},"CVE-2017-10911",{"_key":21},"CVE-2017-11434",{"_key":23},"CVE-2017-12809",{"_key":25},"CVE-2017-7493",{"_key":27},"CVE-2017-8112",{"_key":29},"CVE-2017-8380",{"_key":31},"CVE-2017-9330",{"_key":33},"CVE-2017-9373",{"_key":35},"CVE-2017-9374",{"_key":37},"CVE-2017-9375",{"_key":39},"CVE-2017-9503",{"_key":41},"UBUNTU-CVE-2017-10664",{"_key":43},"UBUNTU-CVE-2017-10806",{"_key":45},"UBUNTU-CVE-2017-10911",{"_key":47},"UBUNTU-CVE-2017-11434",{"_key":49},"UBUNTU-CVE-2017-12809",{"_key":51},"UBUNTU-CVE-2017-7493",{"_key":53},"UBUNTU-CVE-2017-8112",{"_key":55},"UBUNTU-CVE-2017-8380",{"_key":57},"UBUNTU-CVE-2017-9330",{"_key":59},"UBUNTU-CVE-2017-9373",{"_key":61},"UBUNTU-CVE-2017-9374",{"_key":63},"UBUNTU-CVE-2017-9375",{"_key":65},"UBUNTU-CVE-2017-9503",[],[],[69,70,71,72,73,74,75,76,77,78,79,80,81],{"_key":41},{"_key":43},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":45},"2017-09-13T11:58:25.128173Z","2026-02-04T03:09:55.561237Z",{"cisa_kev":85,"cisa_ransomware":85,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[87,93,98,102,106,110,114,118,122,126,130,134,138,142,146,150,154],{"url":88,"sources":89,"tags":91},"https://ubuntu.com/security/notices/USN-3414-1",[90],"osv_ubuntu",[92],"Advisory",{"url":94,"sources":95,"tags":96},"https://ubuntu.com/security/CVE-2017-7493",[90],[97],"REPORT",{"url":99,"sources":100,"tags":101},"https://ubuntu.com/security/CVE-2017-8112",[90],[97],{"url":103,"sources":104,"tags":105},"https://ubuntu.com/security/CVE-2017-8380",[90],[97],{"url":107,"sources":108,"tags":109},"https://ubuntu.com/security/CVE-2017-9060",[90],[97],{"url":111,"sources":112,"tags":113},"https://ubuntu.com/security/CVE-2017-9310",[90],[97],{"url":115,"sources":116,"tags":117},"https://ubuntu.com/security/CVE-2017-9330",[90],[97],{"url":119,"sources":120,"tags":121},"https://ubuntu.com/security/CVE-2017-9373",[90],[97],{"url":123,"sources":124,"tags":125},"https://ubuntu.com/security/CVE-2017-9374",[90],[97],{"url":127,"sources":128,"tags":129},"https://ubuntu.com/security/CVE-2017-9375",[90],[97],{"url":131,"sources":132,"tags":133},"https://ubuntu.com/security/CVE-2017-9503",[90],[97],{"url":135,"sources":136,"tags":137},"https://ubuntu.com/security/CVE-2017-9524",[90],[97],{"url":139,"sources":140,"tags":141},"https://ubuntu.com/security/CVE-2017-10664",[90],[97],{"url":143,"sources":144,"tags":145},"https://ubuntu.com/security/CVE-2017-10806",[90],[97],{"url":147,"sources":148,"tags":149},"https://ubuntu.com/security/CVE-2017-10911",[90],[97],{"url":151,"sources":152,"tags":153},"https://ubuntu.com/security/CVE-2017-11434",[90],[97],{"url":155,"sources":156,"tags":157},"https://ubuntu.com/security/CVE-2017-12809",[90],[97],[],[],[],[162],{"ecosystem":163,"name":164,"vendor":165,"product":164,"cpe_part":9,"purl_type":166,"purl_namespace":165,"purl_name":164,"source":9,"versions":167},"Ubuntu","qemu","ubuntu","deb",[168,174],{"version":169,"is_range":170,"range_type":171,"version_start":9,"version_start_type":9,"version_end":172,"version_end_type":173,"fixed_in":9},"lt2_0_0+dfsg_2ubuntu1_35",true,"ecosystem","2.0.0+dfsg-2ubuntu1.35","excluding",{"version":175,"is_range":170,"range_type":171,"version_start":9,"version_start_type":9,"version_end":176,"version_end_type":173,"fixed_in":9},"lt1:2_5+dfsg_5ubuntu10_15","1:2.5+dfsg-5ubuntu10.15"]