Out-of-bounds read in QEMU - CVE-2017-8380
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6944
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-8380
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
Quick Emulator(Qemu) built with the MegaRAID SAS 8708EM2 Host Bus Adapter
emulation support is vulnerable to an out-of-bounds read access issue. It
could occur while performing a MMIO write operation.
A privileged user inside guest could use this flaw to read host memory
leading to potentially crash the Qemu process on the host.
How to mitigate CVE-2017-8380
Update to version 2.9.0-r2.