CVE-2017-8284 — Code Injection in Qemu

CWE-94 — Code Injection7 documents6 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 71.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedApr 26

Latest updateMay 13

Description

The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/qemu< qemu 1:2.10.0-1 (bookworm)

▶Debianqemu/qemu< 1:2.10.0-1+3

▶NVDqemu/qemu2.8.1.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-rw7x-4625-rjj4: ** DISPUTED ** The disas_insn function in target/i386/translate↗2022-05-13

▶

OSV

CVE-2017-8284: The disas_insn function in target/i386/translate↗2017-04-26

▶

📋Vendor Advisories

Red Hat

QEMU: privilege escalation via disas_insn function in TCG mode↗2019-10-02

▶

Debian

CVE-2017-8284: qemu - The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TC...↗2017

▶

💬Community

Bugzilla

CVE-2017-8284 QEMU: privilege escalation via disas_insn function in TCG mode↗2019-11-07

▶

Bugzilla

CVE-2017-8284 qemu: privilege escalation via disas_insn function in TCG mode [epel-7]↗2019-11-07

▶