CVE-2017-7539

Name: CVE-2017-7539
Creator: NVD / NIST
Published: 2018-07-26T14:29:00.42+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.53%

Last modified Jun 17, 2026

CVE-2017-7539 is a vulnerability of currently unknown severity. An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. EPSS estimates a 5.53% chance of exploitation in the next 30 days.

Description

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

Metrics

EPSS Probability

5.53%

91.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Qemu	Qemu	< 2.10.1
Redhat	Openstack	6.0
Redhat	Openstack	7.0
Redhat	Openstack	8
Redhat	Openstack	9
Redhat	Openstack	10
Redhat	Openstack	11
Redhat	Virtualization	4.0
Redhat	Virtualization	3.0

References

http://www.openwall.com/lists/oss-security/2017/07/21/4Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/bid/99944Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2017:2628Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3466Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3470Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3471Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3472Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3473Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3474Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539Issue Tracking, Patch, Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19
http://www.openwall.com/lists/oss-security/2017/07/21/4Mailing List, Patch, Third Party Advisory
http://www.securityfocus.com/bid/99944Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2017:2628Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3466Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3470Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3471Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3472Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3473Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3474Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539Issue Tracking, Patch, Third Party Advisory
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19

Timeline

Published: Jul 26, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-7539?

How severe is CVE-2017-7539?

Severity scoring for CVE-2017-7539 is pending analysis. The EPSS model estimates a 5.53% probability of exploitation in the next 30 days.

How do I fix CVE-2017-7539?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7539?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST