Overview
- Description
- Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 4
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-401
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1" }, { "criteria": "cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58947AD5-A971-4E22-8D8A-634E2ED5DECD" }, { "criteria": "cpe:2.3:a:qemu:qemu:2.8.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62294521-D8AD-43C1-9B53-D75243DC9A5B" } ], "operator": "OR" } ] } ]