Launchpad CVE tracker

CVE 2017-8086

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.

Related bugs and status

CVE-2017-8086 (Candidate) is related to these bugs:

Bug #1581936: Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

		In	Importance	Status
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	QEMU	Undecided	Fix Released
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	qemu (Ubuntu)	High	Fix Released
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	qemu (Ubuntu Xenial)	High	Fix Released
1581936	Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)	qemu (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017042...
MLIST: [qemu-devel] 20170410 ...
CONFIRM: http://git.qemu.org/?p...
CONFIRM: https://bugzilla.redha...
BID: 98012
GENTOO: GLSA-201706-03
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2017-8086

Related bugs and status

Related bugs

References