NVD Vulnerability Detail

CVE-2017-5973

Summary	The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
Publication Date	March 28, 2017, 12:59 a.m.
Registration Date	Jan. 26, 2021, 1:26 p.m.
Last Update	Nov. 21, 2024, 12:28 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu::::::::			2.8.1.1

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:redhat:virtualization:4.0:::::::*
execution environment
1	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
2	http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
3	http://www.openwall.com/lists/oss-security/2017/02/13/11	Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2017/02/13/11	Mailing List Patch Third Party Advisory
5	http://www.securityfocus.com/bid/96220	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/96220	Third Party Advisory VDB Entry
7	https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
9	https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
10	https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
11	https://bugzilla.redhat.com/show_bug.cgi?id=1421626	Issue Tracking Patch Third Party Advisory
12	https://bugzilla.redhat.com/show_bug.cgi?id=1421626	Issue Tracking Patch Third Party Advisory
13	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
14	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
15	https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html	Patch Third Party Advisory
16	https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html	Patch Third Party Advisory
17	https://security.gentoo.org/glsa/201704-01	Third Party Advisory
18	https://security.gentoo.org/glsa/201704-01	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-835	無限ループ	https://cwe.mitre.org/data/definitions/835.html

JVN Vulnerability Information

QEMU の hw/usb/hcd-xhci.c の xhci_kick_epctx 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	QEMU の hw/usb/hcd-xhci.c の xhci_kick_epctx 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	QEMU (別名 Quick Emulator) の hw/usb/hcd-xhci.c の xhci_kick_epctx 関数には、サービス運用妨害 (無限ループおよび QEMU プロセスクラッシュ) 状態にされる脆弱性が存在します。
Possible impacts	ローカルのゲスト OS の特権ユーザにより、制御移行ディスクリプタ (control transfer descriptor) のシーケンスに関する処理を介して、サービス運用妨害 (無限ループおよび QEMU プロセスクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 21, 2017, midnight
Registration Date	April 27, 2017, 6:39 p.m.
Last Update	April 27, 2017, 6:39 p.m.

Affected System

Fabrice Bellard

QEMU

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-5973	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5973
National Vulnerability Database (NVD)
2	CVE-2017-5973	https://nvd.nist.gov/vuln/detail/CVE-2017-5973

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
QEMU
1	xhci: apply limits to loops	http://git.qemu.org/?p=qemu.git;a=commit;h=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
Qemu-devel
2	[PATCH] xhci: apply limits to loops	https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
Red Hat Bugzilla
3	Bug 1421626	https://bugzilla.redhat.com/show_bug.cgi?id=1421626

Change Log

No	Changed Details	Date of change
0	[2017年04月27日] 掲載	Feb. 17, 2018, 10:37 a.m.