CVE-2017-17381

Published: Dec 7, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

Affected (6)

Products: Qemu: Qemu · Debian: Debian Linux

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.10.2
Qemu Qemu	Version 2.11.0 rc0
Qemu Qemu	Version 2.11.0 rc1
Qemu Qemu	Version 2.11.0 rc2
Qemu Qemu	Version 2.11.0 rc3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-369

Divide By Zero

The product divides a value by zero.

References (10)

http://www.openwall.com/lists/oss-security/2017/12/05/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/102059

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/3575-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4213

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2017/12/05/2