CVE-2017-5579

Published: Mar 15, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

Affected (8)

Products: Qemu: Qemu · Debian: Debian Linux

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.8.1.1
Qemu Qemu	Version 2.9.0 rc0
Qemu Qemu	Version 2.9.0 rc1
Qemu Qemu	Version 2.9.0 rc2
Qemu Qemu	Version 2.9.0 rc3
Qemu Qemu	Version 2.9.0 rc4
Qemu Qemu	Version 2.9.0 rc5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (16)

http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2017/01/24/8

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/01/25/3

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95780

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2392

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2408

Source: secalert@redhat.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201702-28

Source: secalert@redhat.com

Third Party Advisory

http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2017/01/24/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2017/01/25/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/95780

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2392

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2408

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201702-28

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.