Lucene search

K

Veracode Vulnerability DatabaseVERACODE:27157

HistorySep 21, 2020 - 6:39 a.m.

Privilege Escalation

2020-09-2106:39:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

privilege escalation

qemu

xenial

denial of service

sdhci

multi block transfer

EPSS

0.001

Percentile

26.7%

qemu:xenial is vulnerable to privilege escalation. The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.

References

git.qemu-project.org/?p=qemu.git;a=commit;h=6e86d90352adf6cb08295255220295cf23c4286e

www.openwall.com/lists/oss-security/2017/02/14/8

www.securityfocus.com/bid/96263

bugzilla.redhat.com/show_bug.cgi?id=1421995

lists.debian.org/debian-lts-announce/2018/09/msg00007.html

lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html

security.gentoo.org/glsa/201704-01

EPSS

0.001

Percentile

26.7%

Related for VERACODE:27157

ubuntucve1 debiancve1 redhatcve1 cvelist1 cve1 prion1 osv2 nvd1 nessus13 gentoo1 openvas12 ubuntu2 fedora2 suse4 debian1