CVE-2007-1366 — Qemu vulnerability

9 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedMay 2

Latest updateMay 1

Description

QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/qemu< qemu 0.9.0-2 (bookworm)

▶Debianqemu/qemu< 0.9.0-2+3

▶NVDqemu/qemu0.8.2

Also affects: Debian Linux 3.1, 4.0

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-p6fx-39vq-68cw: QEMU 0↗2022-05-01

▶

OSV

CVE-2007-1366: QEMU 0↗2007-05-02

▶

💥Exploits & PoCs

Exploit-DB

X.Org X Window System Xserver 1.3 - XRender Extension Divide by Zero Denial of Service↗2007-05-01

▶

📋Vendor Advisories

Red Hat

xen aam instruction crash↗2007-04-20

▶

Debian

CVE-2007-1366: qemu - QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand...↗2007

▶

💬Community

Bugzilla

CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities↗2007-09-26

▶

Bugzilla

CVE-2007-1366 xen aam instruction crash↗2007-09-19

▶

Bugzilla

CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities↗2007-05-02

▶