PT-2017-3734 · Qemu+1 · Qemu+2

Published: 2017-07-21 · Updated: 2023-02-12 · CVE-2017-7539
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Qemu versions prior to 2.10.1; Qemu-NBD (affected versions not specified)
Description: The issue is related to errors during connection establishment in the Qemu-NBD hardware emulator server. It can be exploited by a remote attacker to cause a denial of service by crashing the server when it attempts to respond to a client. The problem arises from an assertion-failure flaw in the NBD server's initial connection negotiation, where the I/O coroutine is undefined, allowing a remote user or process to crash the qemu-nbd server by sending unexpected data during connection negotiation.
Recommendations: For Qemu versions prior to 2.10.1, update to version 2.10.1 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for Qemu-NBD.

Fix

DoS

RCE

Assertion Failure

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1993
ALT-PU-2017-2421
BDU:2019-00222
CVE-2017-7539
RHSA-2017:2628
RHSA-2017:3466
RHSA-2017:3470
RHSA-2017:3471
RHSA-2017:3472
RHSA-2017:3473
RHSA-2017:3474

Affected Products

Alt Linux
Qemu
Qemu-Nbd