CVE-2017-8379 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Qemu	Qemu
Redhat	Openstack

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:6::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:7::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:10::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 11.0 (Ocata)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:11::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 8.0 (Liberty)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:8::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 9.0 (Mitaka)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:9::el7	RHSA-2017:2408	2017-08-01T00:00:00Z

Link	Providers
http://www.openwall.com/lists/oss-security/2017/05/03/2
http://www.securityfocus.com/bid/98277
https://access.redhat.com/errata/RHSA-2017:2408
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html
https://nvd.nist.gov/vuln/detail/CVE-2017-8379
https://security.gentoo.org/glsa/201706-03
https://www.cve.org/CVERecord?id=CVE-2017-8379

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"}, {"name": "GLSA-201706-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-03"}, {"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"}, {"name": "RHSA-2017:2408", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"name": "98277", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98277"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8379", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"}, {"name": "GLSA-201706-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-03"}, {"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"}, {"name": "RHSA-2017:2408", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"name": "98277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98277"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:34:22.642Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"}, {"name": "GLSA-201706-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-03"}, {"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"}, {"name": "RHSA-2017:2408", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"name": "98277", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98277"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8379", "datePublished": "2017-05-23T03:56:00", "dateReserved": "2017-04-30T00:00:00", "dateUpdated": "2024-08-05T16:34:22.642Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2017-04-28T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-09-07T09:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html (string)

}

1 : { »

name : [qemu-devel] 20170428 [PATCH] input: limit kbd queue depth (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html (string)

}

2 : { »

name : GLSA-201706-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201706-03 (string)

}

3 : { »

name : [oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2017/05/03/2 (string)

}

4 : { »

name : RHSA-2017:2408 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2017:2408 (string)

}

5 : { »

name : 98277 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/98277 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2017-8379 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (string)

refsource : MLIST (string)

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html (string)

}

1 : { »

name : [qemu-devel] 20170428 [PATCH] input: limit kbd queue depth (string)

refsource : MLIST (string)

url : https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html (string)

}

2 : { »

name : GLSA-201706-03 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201706-03 (string)

}

3 : { »

name : [oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2017/05/03/2 (string)

}

4 : { »

name : RHSA-2017:2408 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2017:2408 (string)

}

5 : { »

name : 98277 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/98277 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T16:34:22.642Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html (string)

}

1 : { »

name : [qemu-devel] 20170428 [PATCH] input: limit kbd queue depth (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html (string)

}

2 : { »

name : GLSA-201706-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201706-03 (string)

}

3 : { »

name : [oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2017/05/03/2 (string)

}

4 : { »

name : RHSA-2017:2408 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2017:2408 (string)

}

5 : { »

name : 98277 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/98277 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2017-8379 (string)

datePublished : 2017-05-23T03:56:00 (string)

dateReserved : 2017-04-30T00:00:00 (string)

dateUpdated : 2024-08-05T16:34:22.642Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912", "versionEndIncluding": "2.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."}, {"lang": "es", "value": "La p\u00e9rdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegaci\u00f3n de servicio (consumo de memoria del host) al generar r\u00e1pidamente eventos de teclado grandes."}], "id": "CVE-2017-8379", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-23T04:29:02.180", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98277"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201706-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201706-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B8E599C-1E63-4D90-9BE4-9ADA35192912 (string)

versionEndIncluding : 2.9.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 31EC146C-A6F6-4C0D-AF87-685286262DAA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9DAA72A4-AC7D-4544-89D4-5B07961D5A95 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* (string)

matchCriteriaId : E8B8C725-34CF-4340-BE7B-37E58CF706D6 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:* (string)

matchCriteriaId : F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* (string)

matchCriteriaId : E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:* (string)

matchCriteriaId : 4E9AF77C-5D49-4842-9817-AD710A919073 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. (string)

}

1 : { »

lang : es (string)

value : La pérdida de memoria en el soporte de controladores de eventos de entrada de teclado en QEMU (también conocido como Quick Emulator) permite a los usuarios privilegiados locales de SO invitados causar una denegación de servicio (consumo de memoria del host) al generar rápidamente eventos de teclado grandes. (string)

}

]

id : CVE-2017-8379 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 4.9 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2 (number)

impactScore : 4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-05-23T04:29:02.180 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2017/05/03/2 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/98277 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2017:2408 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201706-03 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2017/05/03/2 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/98277 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://access.redhat.com/errata/RHSA-2017:2408 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201706-03 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-772 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Jiang Xin (Huawei PSIRT) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2017:2408", "cpe": "cpe:/a:redhat:openstack:6::el7", "package": "qemu-kvm-rhev-10:2.9.0-10.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2408", "cpe": "cpe:/a:redhat:openstack:7::el7", "package": "qemu-kvm-rhev-10:2.9.0-10.el7", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2408", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.9.0-10.el7", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2408", "cpe": "cpe:/a:redhat:openstack:11::el7", "package": "qemu-kvm-rhev-10:2.9.0-10.el7", "product_name": "Red Hat OpenStack Platform 11.0 (Ocata)", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2408", "cpe": "cpe:/a:redhat:openstack:8::el7", "package": "qemu-kvm-rhev-10:2.9.0-10.el7", "product_name": "Red Hat OpenStack Platform 8.0 (Liberty)", "release_date": "2017-08-01T00:00:00Z"}, {"advisory": "RHSA-2017:2408", "cpe": "cpe:/a:redhat:openstack:9::el7", "package": "qemu-kvm-rhev-10:2.9.0-10.el7", "product_name": "Red Hat OpenStack Platform 9.0 (Mitaka)", "release_date": "2017-08-01T00:00:00Z"}], "bugzilla": {"description": "Qemu: input: host memory lekage via keyboard events", "id": "1446547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446547"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "3.0", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-772", "details": ["Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."], "name": "CVE-2017-8379", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Not affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}], "public_date": "2017-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-8379\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8379"], "threat_severity": "Low"}

{

acknowledgement : Red Hat would like to thank Jiang Xin (Huawei PSIRT) for reporting this issue. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2017:2408 (string)

cpe : cpe:/a:redhat:openstack:6::el7 (string)

package : qemu-kvm-rhev-10:2.9.0-10.el7 (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 (string)

release_date : 2017-08-01T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2017:2408 (string)

cpe : cpe:/a:redhat:openstack:7::el7 (string)

package : qemu-kvm-rhev-10:2.9.0-10.el7 (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 (string)

release_date : 2017-08-01T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2017:2408 (string)

cpe : cpe:/a:redhat:openstack:10::el7 (string)

package : qemu-kvm-rhev-10:2.9.0-10.el7 (string)

product_name : Red Hat OpenStack Platform 10.0 (Newton) (string)

release_date : 2017-08-01T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2017:2408 (string)

cpe : cpe:/a:redhat:openstack:11::el7 (string)

package : qemu-kvm-rhev-10:2.9.0-10.el7 (string)

product_name : Red Hat OpenStack Platform 11.0 (Ocata) (string)

release_date : 2017-08-01T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2017:2408 (string)

cpe : cpe:/a:redhat:openstack:8::el7 (string)

package : qemu-kvm-rhev-10:2.9.0-10.el7 (string)

product_name : Red Hat OpenStack Platform 8.0 (Liberty) (string)

release_date : 2017-08-01T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2017:2408 (string)

cpe : cpe:/a:redhat:openstack:9::el7 (string)

package : qemu-kvm-rhev-10:2.9.0-10.el7 (string)

product_name : Red Hat OpenStack Platform 9.0 (Mitaka) (string)

release_date : 2017-08-01T00:00:00Z (string)

}

]

bugzilla : { »

description : Qemu: input: host memory lekage via keyboard events (string)

id : 1446547 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1446547 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 2.3 (string)

cvss_scoring_vector : AV:A/AC:M/Au:S/C:N/I:N/A:P (string)

status : verified (string)

}

cvss3 : { »

cvss3_base_score : 3.0 (string)

cvss3_scoring_vector : CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L (string)

status : verified (string)

}

cwe : CWE-772 (string)

details : [ »

0 : Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. (string)

]

name : CVE-2017-8379 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : kvm (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : xen (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : qemu-kvm (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : qemu-kvm (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Will not fix (string)

package_name : qemu-kvm-rhev (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

5 : { »

cpe : cpe:/a:redhat:openstack:5::el6 (string)

fix_state : Not affected (string)

package_name : qemu-kvm-rhev (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) (string)

}

]

public_date : 2017-04-28T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2017-8379 https://nvd.nist.gov/vuln/detail/CVE-2017-8379 (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object