Multiple vulnerabilities in QEMU

1) Denial of service

EUVDB-ID: #VU8113

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2017-7539

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on a targeted system.

The weakness exists due to an assertion failure when handling malicious input. A remote attacker can submit a specially crafted data during initial connection negotiation and cause the qemu-nbd server to stop functioning.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.
https://git.qemu.org/?p=qemu.git;a=patch;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b

Vulnerable software versions

QEMU: 2.7.0 - 2.9.0

CPE2.3

• cpe:2.3::::2.9.0:*:*:*:*:*:*:*

External links

http://git.qemu.org/?p=qemu.git;a=commit;h=ff82911cd3f69f028f2537825c9720ff78bc3f19

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Stack-based buffer overflow

EUVDB-ID: #VU14217

Risk: High

CVSSv3.1:

CVE-ID: CVE-2017-15118

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the network block device (NBD) server implementation due to stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can send a large export-name request, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Mitigation

Update to version 2.11 or later.

Vulnerable software versions

QEMU: 2.0 - 2.10.2

CPE2.3

• cpe:2.3:a:qemu:qemu:2.6.2:*:*:*:*:*:*:*

External links

http://git.qemu.org/?p=qemu.git&a=commit&h=f37708f6b8

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?