{"id":"USN-3575-1","summary":"qemu vulnerabilities","details":"It was discovered that QEMU incorrectly handled guest ram. A privileged\nattacker inside the guest could use this issue to cause QEMU to crash,\nresulting in a denial of service. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2017-11334)\n\nDavid Buchanan discovered that QEMU incorrectly handled the VGA device. A\nprivileged attacker inside the guest could use this issue to cause QEMU to\ncrash, resulting in a denial of service. This issue was only addressed in\nUbuntu 17.10. (CVE-2017-13672)\n\nThomas Garnier discovered that QEMU incorrectly handled multiboot. An\nattacker could use this issue to cause QEMU to crash, resulting in a denial\nof service, or possibly execute arbitrary code on the host. In the default\ninstallation, when QEMU is used with libvirt, attackers would be isolated\nby the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS\nand Ubuntu 16.04 LTS. (CVE-2017-14167)\n\nTuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory\nsharing. An attacker could use this issue to obtain sensitive information\nfrom host memory. (CVE-2017-15038)\n\nEric Blake discovered that QEMU incorrectly handled memory in the\nNBD server. An attacker could use this issue to cause the NBD server to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n17.10. (CVE-2017-15118)\n\nEric Blake discovered that QEMU incorrectly handled certain options to the\nNBD server. An attacker could use this issue to cause the NBD server to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)\n\nDaniel Berrange discovered that QEMU incorrectly handled the VNC server. A\nremote attacker could possibly use this issue to consume memory, resulting\nin a denial of service. This issue was only addressed in Ubuntu 17.10.\n(CVE-2017-15124)\n\nCarl Brassey discovered that QEMU incorrectly handled certain websockets. A\nremote attacker could possibly use this issue to consume memory, resulting\nin a denial of service. This issue only affected Ubuntu 17.10.\n(CVE-2017-15268)\n\nGuoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA\ndevice. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)\n\nCyrille Chatras discovered that QEMU incorrectly handled certain PS2 values\nduring migration. An attacker could possibly use this issue to cause QEMU\nto crash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.\n(CVE-2017-16845)\n\nIt was discovered that QEMU incorrectly handled the Virtio Vring\nimplementation. An attacker could possibly use this issue to cause QEMU to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)\n\nEric Blake discovered that QEMU incorrectly handled certain rounding\noperations. An attacker could possibly use this issue to cause QEMU to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)\n\nJiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the\nVGA device. A privileged attacker inside the guest could use this issue to\ncause QEMU to crash, resulting in a denial of service. (CVE-2018-5683)\n","modified":"2026-02-10T04:41:16Z","published":"2018-02-20T19:12:03Z","related":["UBUNTU-CVE-2017-11334","UBUNTU-CVE-2017-13672","UBUNTU-CVE-2017-14167","UBUNTU-CVE-2017-15038","UBUNTU-CVE-2017-15119","UBUNTU-CVE-2017-15124","UBUNTU-CVE-2017-15289","UBUNTU-CVE-2017-16845","UBUNTU-CVE-2017-17381","UBUNTU-CVE-2017-18043","UBUNTU-CVE-2018-5683"],"upstream":["CVE-2017-11334","CVE-2017-13672","CVE-2017-14167","CVE-2017-15038","CVE-2017-15119","CVE-2017-15124","CVE-2017-15289","CVE-2017-16845","CVE-2017-17381","CVE-2017-18043","CVE-2018-5683","UBUNTU-CVE-2017-11334","UBUNTU-CVE-2017-13672","UBUNTU-CVE-2017-14167","UBUNTU-CVE-2017-15038","UBUNTU-CVE-2017-15118","UBUNTU-CVE-2017-15119","UBUNTU-CVE-2017-15124","UBUNTU-CVE-2017-15268","UBUNTU-CVE-2017-15289","UBUNTU-CVE-2017-16845","UBUNTU-CVE-2017-17381","UBUNTU-CVE-2017-18043","UBUNTU-CVE-2018-5683"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3575-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-11334"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-13672"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-14167"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15038"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15118"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15119"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15124"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15268"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-15289"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-16845"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17381"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18043"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-5683"}],"affected":[{"package":{"name":"qemu","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.39?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+dfsg-2ubuntu1.39"}]}],"versions":["1.5.0+dfsg-3ubuntu5","1.5.0+dfsg-3ubuntu6","1.6.0+dfsg-2ubuntu1","1.6.0+dfsg-2ubuntu2","1.6.0+dfsg-2ubuntu3","1.6.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu1","1.7.0+dfsg-2ubuntu2","1.7.0+dfsg-2ubuntu3","1.7.0+dfsg-2ubuntu4","1.7.0+dfsg-2ubuntu5","1.7.0+dfsg-2ubuntu7","1.7.0+dfsg-2ubuntu8","1.7.0+dfsg-2ubuntu9","1.7.0+dfsg-3ubuntu1~ppa1","1.7.0+dfsg-3ubuntu1","1.7.0+dfsg-3ubuntu2","1.7.0+dfsg-3ubuntu3","1.7.0+dfsg-3ubuntu4","1.7.0+dfsg-3ubuntu5","1.7.0+dfsg-3ubuntu6","1.7.0+dfsg-3ubuntu7","2.0.0~rc1+dfsg-0ubuntu1","2.0.0~rc1+dfsg-0ubuntu2","2.0.0~rc1+dfsg-0ubuntu3","2.0.0~rc1+dfsg-0ubuntu3.1","2.0.0+dfsg-2ubuntu1","2.0.0+dfsg-2ubuntu1.1","2.0.0+dfsg-2ubuntu1.2","2.0.0+dfsg-2ubuntu1.3","2.0.0+dfsg-2ubuntu1.5","2.0.0+dfsg-2ubuntu1.6","2.0.0+dfsg-2ubuntu1.7","2.0.0+dfsg-2ubuntu1.8","2.0.0+dfsg-2ubuntu1.9","2.0.0+dfsg-2ubuntu1.10","2.0.0+dfsg-2ubuntu1.11","2.0.0+dfsg-2ubuntu1.13","2.0.0+dfsg-2ubuntu1.14","2.0.0+dfsg-2ubuntu1.15","2.0.0+dfsg-2ubuntu1.16","2.0.0+dfsg-2ubuntu1.17","2.0.0+dfsg-2ubuntu1.18","2.0.0+dfsg-2ubuntu1.19","2.0.0+dfsg-2ubuntu1.20","2.0.0+dfsg-2ubuntu1.21","2.0.0+dfsg-2ubuntu1.22","2.0.0+dfsg-2ubuntu1.24","2.0.0+dfsg-2ubuntu1.25","2.0.0+dfsg-2ubuntu1.26","2.0.0+dfsg-2ubuntu1.27","2.0.0+dfsg-2ubuntu1.28","2.0.0+dfsg-2ubuntu1.29","2.0.0+dfsg-2ubuntu1.30","2.0.0+dfsg-2ubuntu1.31","2.0.0+dfsg-2ubuntu1.32","2.0.0+dfsg-2ubuntu1.33","2.0.0+dfsg-2ubuntu1.34","2.0.0+dfsg-2ubuntu1.35","2.0.0+dfsg-2ubuntu1.36","2.0.0+dfsg-2ubuntu1.38"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"qemu","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-common","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-guest-agent","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-keymaps","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-kvm","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-aarch64","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-arm","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-common","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-mips","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-misc","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-ppc","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-sparc","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-system-x86","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-user","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-user-static","binary_version":"2.0.0+dfsg-2ubuntu1.39"},{"binary_name":"qemu-utils","binary_version":"2.0.0+dfsg-2ubuntu1.39"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2017-14167","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-15038","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-15289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-18043","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-5683","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3575-1.json"}},{"package":{"name":"qemu","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.22?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.5+dfsg-5ubuntu10.22"}]}],"versions":["1:2.3+dfsg-5ubuntu9","1:2.3+dfsg-5ubuntu10","1:2.4+dfsg-4ubuntu1","1:2.4+dfsg-4ubuntu2","1:2.4+dfsg-4ubuntu3","1:2.4+dfsg-5ubuntu3","1:2.5+dfsg-1ubuntu2","1:2.5+dfsg-1ubuntu3","1:2.5+dfsg-1ubuntu4","1:2.5+dfsg-1ubuntu5","1:2.5+dfsg-5ubuntu1","1:2.5+dfsg-5ubuntu2","1:2.5+dfsg-5ubuntu4","1:2.5+dfsg-5ubuntu6","1:2.5+dfsg-5ubuntu7","1:2.5+dfsg-5ubuntu10","1:2.5+dfsg-5ubuntu10.1","1:2.5+dfsg-5ubuntu10.2","1:2.5+dfsg-5ubuntu10.3","1:2.5+dfsg-5ubuntu10.4","1:2.5+dfsg-5ubuntu10.5","1:2.5+dfsg-5ubuntu10.6","1:2.5+dfsg-5ubuntu10.7","1:2.5+dfsg-5ubuntu10.8","1:2.5+dfsg-5ubuntu10.9","1:2.5+dfsg-5ubuntu10.10","1:2.5+dfsg-5ubuntu10.11","1:2.5+dfsg-5ubuntu10.13","1:2.5+dfsg-5ubuntu10.14","1:2.5+dfsg-5ubuntu10.15","1:2.5+dfsg-5ubuntu10.16","1:2.5+dfsg-5ubuntu10.20","1:2.5+dfsg-5ubuntu10.21"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"qemu","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-block-extra","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-guest-agent","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-kvm","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-aarch64","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-arm","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-common","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-mips","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-misc","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-ppc","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-s390x","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-sparc","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-system-x86","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-user","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-user-binfmt","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-user-static","binary_version":"1:2.5+dfsg-5ubuntu10.22"},{"binary_name":"qemu-utils","binary_version":"1:2.5+dfsg-5ubuntu10.22"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2017-14167","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-15038","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-15119","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2017-15289","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-16845","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-17381","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2017-18043","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-5683","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3575-1.json"}}],"schema_version":"1.7.3"}