CVE - CVE-2017-5667

CVE-ID
CVE-2017-5667	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:95885 URL:http://www.securityfocus.com/bid/95885 MISC:GLSA-201702-28 URL:https://security.gentoo.org/glsa/201702-28 MISC:[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html MISC:[oss-security] 20170130 CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer URL:http://www.openwall.com/lists/oss-security/2017/01/30/2 MISC:[oss-security] 20170131 Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer URL:http://www.openwall.com/lists/oss-security/2017/01/31/10 MISC:[oss-security] 20170212 Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer URL:http://www.openwall.com/lists/oss-security/2017/02/12/1 MISC:http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9 URL:http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1417559 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1417559
Assigning CNA
Red Hat, Inc.
Date Record Created
20170131	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20170131)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)