CVE-2017-14167

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.

CVSS v3 8.8 HIGH
CVSS v2.0 7.2 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.debian.org/security/2017/dsa-3991	Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/09/07/2	Mailing List Patch Third Party Advisory
http://www.securityfocus.com/bid/100694	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3368	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3369	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3466	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3470	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3471	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3472	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3473	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3474	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Third Party Advisory
https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html	Mailing List Patch Third Party Advisory
https://usn.ubuntu.com/3575-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

History

No history.

Information

Published : 2017-09-08 18:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-14167

Mitre link : CVE-2017-14167

CVE.ORG link : CVE-2017-14167

JSON object : View

Products Affected

qemu

qemu

debian

debian_linux

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2017-14167", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2017-09-08T18:29:00.297", "references": [{"url": "http://www.debian.org/security/2017/dsa-3991", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2017/09/07/2", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/100694", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3368", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3369", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3466", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3470", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3471", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3472", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3473", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3474", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3575-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n load_multiboot en hw/i386/multiboot.c en QEMU (Quick Emulator) permite que usuarios locales invitados del sistema operativo ejecuten c\u00f3digo arbitrario en el host mediante valores de direcci\u00f3n de cabeceras de arranque m\u00faltiple manipulados, que desencadenan una escritura fuera de l\u00edmites."}], "lastModified": "2020-11-16T20:21:11.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE828526-81EF-4807-8E73-E0FC56034D8B", "versionEndIncluding": "2.10.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}