CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-16845

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile16.08th
Published2017年11月17日
Last Modified2026年5月13日

Vulnerability Description

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

Affected Platforms (CPE)

📦
Qemu

Qemu

<= 2.11.2
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 17.10
💻
Canonical

Ubuntu Linux

= 18.04

References & Advisories

🔗 http://www.securityfocus.com/bid/101923
🔗 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
🔗 https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
🔗 https://usn.ubuntu.com/3575-1/
🔗 https://usn.ubuntu.com/3649-1/
🔗 https://www.debian.org/security/2018/dsa-4213
🔗 http://www.securityfocus.com/bid/101923
🔗 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html

相关漏洞威胁

CVE-2015-855610.0

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

CVE-2021-218929.9

A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0....

CVE-2020-61009.9

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted p...

CVE-2021-218899.9

A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (...