ID CVE-2007-1366
Summary QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
References
Vulnerable Configurations
  • cpe:2.3:a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 23731
debian DSA-1284
mandriva MDVSA-2008:162
misc http://taviso.decsystem.org/virtsec.pdf
mlist
  • [Qemu-devel] 20070428 Qemu crashes on AAM 0
  • [Qemu-devel] 20070429 Re: Qemu crashes on AAM 0
osvdb 35498
secunia
  • 25073
  • 25095
  • 29129
vupen ADV-2007-1597
xf qemu-aam-dos(34046)
statements via4
contributor Mark J Cox
lastmodified 2007-09-24
organization Red Hat
statement Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.
Last major update 29-07-2017 - 01:30
Published 02-05-2007 - 17:19
Last modified 29-07-2017 - 01:30
Back to Top