#VU33055 Infinite loop in QEMU - CVE-2017-6505

Cybersecurity Help s.r.o.

Published: 2017-03-15 | Updated: 2020-08-03

Vulnerability identifier: #VU33055

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6505

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a local authenticated user to a crash the entire system.

The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.

Mitigation
Install update from vendor's website.

Vulnerable software versions

QEMU: 2.0 - 2.8.1.1

External links
https://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
https://www.openwall.com/lists/oss-security/2017/03/06/6
https://www.securityfocus.com/bid/96611
https://bugzilla.redhat.com/show_bug.cgi?id=1429432
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://security.gentoo.org/glsa/201704-01

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Infinite loop in qemu (Alpine package)

OpenSUSE Linux update for xen

SUSE Linux update for xen

Infinite loop in QEMU