Memory corruption in QEMU - CVE-2017-9060
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6945
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-9060
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
Memory leak in the virtio_gpu_set_scanout function in
hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest
OS users to cause a denial of service (memory consumption) via a large
number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
How to mitigate CVE-2017-9060
Update to version 2.9.0-r2.