Launchpad CVE tracker

CVE 2017-7377

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.

Related bugs and status

CVE-2017-7377 (Candidate) is related to these bugs:

Bug #1581936: Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

		In	Importance	Status
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	QEMU	Undecided	Fix Released
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	qemu (Ubuntu)	High	Fix Released
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	qemu (Ubuntu Xenial)	High	Fix Released
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	qemu (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017040...
MLIST: [qemu-devel] 20170328 ...
CONFIRM: http://git.qemu-projec...
CONFIRM: https://bugzilla.redha...
BID: 97319
GENTOO: GLSA-201706-03
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2017-7377

Related bugs and status

Related bugs

References