PT-2017-2974 · Qemu+5 · Qemu+5

Thomas Garnier

Published

2017-09-05

Updated

2024-06-15

CVE-2017-14167

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is caused by an integer overflow in the load multiboot function, located in hw/i386/multiboot.c, which is part of the QEMU emulator. This can be exploited by an attacker in the local guest operating system, allowing them to execute arbitrary code on the host operating system. The exploitation is possible through specially crafted multiboot header address values, leading to an out-of-bounds write.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2017-2829

BDU:2017-02299

CESA-2017_3368

CVE-2017-14167

DLA-1128-1

DLA-1129-1

DLA-1497-1

DSA-3991-1

OPENSUSE-SU-2017_2938-1

OPENSUSE-SU-2017_2941-1

OPENSUSE-SU-2024:11287-1

RHSA-2017:3368

RHSA-2017:3369

RHSA-2017:3466

RHSA-2017:3470

RHSA-2017:3471

RHSA-2017:3472

RHSA-2017:3473

RHSA-2017:3474

RHSA-2017_3368

SUSE-SU-2017:2924-1

SUSE-SU-2017:2936-1

SUSE-SU-2017:2946-1

SUSE-SU-2017:2963-1

SUSE-SU-2017:2969-1

SUSE-SU-2017:3084-1

USN-3575-1

USN-3575-2

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

PT-2017-2974 · Qemu+5 · Qemu+5

CVE-2017-14167

Weakness Enumeration

Related Identifiers

Affected Products

References · 398