CVE-2017-12809NULL Pointer Dereference in Qemu

CWE-476NULL Pointer Dereference13 documents8 sources
Severity
6.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 80.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuDebian Linux
Timeline
PublishedAug 23
Latest updateMay 13

Description

QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.10.0-1 (bookworm)
Debianqemu/qemu< 1:2.10.0-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.36+3
NVDqemu/qemu2.9.1+1

Also affects: Debian Linux 9.0

Patches

Patch: lists.gnu.orgPatch: lists.gnu.org

🔴Vulnerability Details

4
GHSA
GHSA-2m2j-2qxm-fr56: QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of s2022-05-13
OSV
qemu regression2017-09-20
OSV
qemu vulnerabilities2017-09-13
OSV
CVE-2017-12809: QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of s2017-08-23

📋Vendor Advisories

4
Ubuntu
QEMU regression2017-09-20
Ubuntu
QEMU vulnerabilities2017-09-13
Red Hat
Qemu: ide: flushing of empty CDROM drives leads to NULL dereference2017-07-11
Debian
CVE-2017-12809: qemu - QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator ...2017

🕵️Threat Intelligence

2
Unit42
Palo Alto Networks Discovers New QEMU Vulnerability2017-09-14
Unit42
Palo Alto Networks Discovers New QEMU Vulnerability2017-09-14

💬Community

2
Bugzilla
CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference2017-08-21
Bugzilla
CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference [fedora-all]2017-08-21