Infinite loop in QEMU - CVE-2017-9330
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6947
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-9330
CWE-ID: CWE-835
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
Detailed vulnerability description
Quick Emulator (QEMU) built with USB OHCI emulation support is vulnerable to an
infinite loop issue. It could occur while processing an endpoint list
descriptor in ohci_service_ed_list().
A guest user or process could use this flaw to crash the QEMU process, resulting in a DoS.
How to mitigate CVE-2017-9330
Update to version 2.9.0-r2.