CVE-2017-8284
CVE-2017-8284 is a vulnerability of currently unknown severity (no CVSS score is assigned on this record). It affects the x86 instruction decoder of QEMU's TCG (software emulation) mode; see the description below. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | <= 2.8.1.1 |
References
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 (Issue Tracking, Third Party Advisory)
- https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14 (Issue Tracking, Patch, Third Party Advisory)
Source: NVD / NIST
