Memory corruption in QEMU - CVE-2017-8379
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6943
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-8379
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
Memory leak in the keyboard input event handlers support in QEMU (aka
Quick Emulator) allows local guest OS privileged users to cause a denial
of service (host memory consumption) by rapidly generating large
keyboard events.
How to mitigate CVE-2017-8379
Update to version 2.9.0-r2.