ID CVE-2017-5898
Summary Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:ltss:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:ltss:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:*:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1456983
    title Character device regression due to missing patch
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment qemu-img is earlier than 10:1.5.3-141.el7
          oval oval:com.redhat.rhsa:tst:20171856005
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 10:1.5.3-141.el7
          oval oval:com.redhat.rhsa:tst:20171856007
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-common is earlier than 10:1.5.3-141.el7
          oval oval:com.redhat.rhsa:tst:20171856009
        • comment qemu-kvm-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140704018
      • AND
        • comment qemu-kvm-tools is earlier than 10:1.5.3-141.el7
          oval oval:com.redhat.rhsa:tst:20171856011
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2017:1856
    released 2017-08-01
    severity Moderate
    title RHSA-2017:1856: qemu-kvm security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2017:2392
rpms
  • qemu-img-10:1.5.3-141.el7
  • qemu-kvm-10:1.5.3-141.el7
  • qemu-kvm-common-10:1.5.3-141.el7
  • qemu-kvm-tools-10:1.5.3-141.el7
refmap via4
bid 96112
confirm
gentoo GLSA-201702-28
mlist [oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest
suse
  • SUSE-SU-2017:0570
  • SUSE-SU-2017:0582
vulnerable_product via4
  • cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:ltss:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
Last major update 03-10-2019 - 00:03
Published 15-03-2017 - 19:59
Back to Top