CVE-2017-5898
Medium
Low
Medium
High
Critical
5.5
CVSS Score
Vulnerability Description
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
L
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
111 configuration(s) from 2 vendor(s)
qemu
Version:
1.7.2
CPE:
cpe:2.3:a:qemu:qemu:1.7.2:*:*:*:*:*:*:*
qemu
Version:
2.7.1
CPE:
cpe:2.3:a:qemu:qemu:2.7.1:*:*:*:*:*:*:*
qemu
Version:
2.7.0
CPE:
cpe:2.3:a:qemu:qemu:2.7.0:-:*:*:*:*:*:*
qemu
Version:
0.12.2
CPE:
cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*
qemu
Version:
0.14.0
CPE:
cpe:2.3:a:qemu:qemu:0.14.0:-:*:*:*:*:*:*
qemu
Version:
2.2.0
CPE:
cpe:2.3:a:qemu:qemu:2.2.0:rc0:*:*:*:*:*:*
qemu
Version:
1.0
CPE:
cpe:2.3:a:qemu:qemu:1.0:rc0:*:*:*:*:*:*
qemu
Version:
0.4.2
CPE:
cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
qemu
Version:
0.1.6
CPE:
cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
qemu
Version:
0.1.3
CPE:
cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
qemu
Version:
0.4.3
CPE:
cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
qemu
Version:
1.4.0
CPE:
cpe:2.3:a:qemu:qemu:1.4.0:rc0:*:*:*:*:*:*
qemu
Version:
2.3.1
CPE:
cpe:2.3:a:qemu:qemu:2.3.1:*:*:*:*:*:*:*
qemu
Version:
1.7.0
CPE:
cpe:2.3:a:qemu:qemu:1.7.0:rc0:*:*:*:*:*:*
qemu
Version:
0.5.5
CPE:
cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
qemu
Version:
2.1\+dfsg
CPE:
cpe:2.3:a:qemu:qemu:2.1\+dfsg:*:*:*:*:*:*:*
qemu
Version:
0.12.1
CPE:
cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*
qemu
Version:
1.4.1
CPE:
cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*
qemu
Version:
2.2.1
CPE:
cpe:2.3:a:qemu:qemu:2.2.1:*:*:*:*:*:*:*
qemu
Version:
1.3.1
CPE:
cpe:2.3:a:qemu:qemu:1.3.1:*:*:*:*:*:*:*
qemu
Version:
2.0.1
CPE:
cpe:2.3:a:qemu:qemu:2.0.1:*:*:*:*:*:*:*
qemu
Version:
0.6.0
CPE:
cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
qemu
Version:
1.5.0
CPE:
cpe:2.3:a:qemu:qemu:1.5.0:rc0:*:*:*:*:*:*
qemu
Version:
1.6.2
CPE:
cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*
qemu
Version:
1\
CPE:
cpe:2.3:a:qemu:qemu:1\:4.1-1:*:*:*:*:*:*:*
qemu
Version:
0.12.5
CPE:
cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*
qemu
Version:
0.13.0
CPE:
cpe:2.3:a:qemu:qemu:0.13.0:rc2:*:*:*:*:*:*
qemu
Version:
0.4.1
CPE:
cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
qemu
Version:
1.3.0
CPE:
cpe:2.3:a:qemu:qemu:1.3.0:rc0:*:*:*:*:*:*
qemu
Version:
0.5.4
CPE:
cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
qemu
Version:
0.1.4
CPE:
cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
qemu
Version:
0.8.2
CPE:
cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
qemu
Version:
2.8.0
CPE:
cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*
qemu
Version:
0.5.3
CPE:
cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
qemu
Version:
1.2.1
CPE:
cpe:2.3:a:qemu:qemu:1.2.1:*:*:*:*:*:*:*
qemu
Version:
1.1
CPE:
cpe:2.3:a:qemu:qemu:1.1:rc0:*:*:*:*:*:*
qemu
Version:
0.14.1
CPE:
cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*
qemu
Version:
0.1.0
CPE:
cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
qemu
Version:
0.15.2
CPE:
cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*
qemu
Version:
2.8.1
CPE:
cpe:2.3:a:qemu:qemu:2.8.1:*:*:*:*:*:*:*
qemu
Version:
2.3.0
CPE:
cpe:2.3:a:qemu:qemu:2.3.0:-:*:*:*:*:*:*
qemu
Version:
0.11.1
CPE:
cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*
qemu
Version:
0.6.1
CPE:
cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
qemu
Version:
0.10.5
CPE:
cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*
qemu
Version:
0.12.4
CPE:
cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*
qemu
Version:
2.4.1
CPE:
cpe:2.3:a:qemu:qemu:2.4.1:*:*:*:*:*:*:*
qemu
Version:
2.8.1.1
CPE:
cpe:2.3:a:qemu:qemu:2.8.1.1:*:*:*:*:*:*:*
qemu
Version:
0.8.1
CPE:
cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
qemu
Version:
1.1.0
CPE:
cpe:2.3:a:qemu:qemu:1.1.0:rc2:*:*:*:*:*:*
qemu
Version:
0.10.2
CPE:
cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*
qemu
Version:
2.6.0
CPE:
cpe:2.3:a:qemu:qemu:2.6.0:-:*:*:*:*:*:*
qemu
Version:
0.11.0-rc1
CPE:
cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*
qemu
Version:
1.1.2
CPE:
cpe:2.3:a:qemu:qemu:1.1.2:*:*:*:*:*:*:*
qemu
Version:
2.4.0
CPE:
cpe:2.3:a:qemu:qemu:2.4.0:rc0:*:*:*:*:*:*
qemu
Version:
0.5.1
CPE:
cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
qemu
Version:
0.1.5
CPE:
cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
qemu
Version:
1.5.1
CPE:
cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*
qemu
Version:
1.7.1
CPE:
cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*
qemu
Version:
0.2.0
CPE:
cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
qemu
Version:
0.9.1-5
CPE:
cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*
qemu
Version:
0.11.0
CPE:
cpe:2.3:a:qemu:qemu:0.11.0:-:*:*:*:*:*:*
qemu
Version:
1.2.2
CPE:
cpe:2.3:a:qemu:qemu:1.2.2:*:*:*:*:*:*:*
qemu
Version:
0.4.4
CPE:
cpe:2.3:a:qemu:qemu:0.4.4:*:*:*:*:*:*:*
qemu
Version:
1.1.1
CPE:
cpe:2.3:a:qemu:qemu:1.1.1:*:*:*:*:*:*:*
qemu
Version:
0.4.0
CPE:
cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*
qemu
Version:
2.1.3
CPE:
cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*
qemu
Version:
2.4.0.1
CPE:
cpe:2.3:a:qemu:qemu:2.4.0.1:*:*:*:*:*:*:*
qemu
Version:
1.5.2
CPE:
cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*
qemu
Version:
2.5.1
CPE:
cpe:2.3:a:qemu:qemu:2.5.1:*:*:*:*:*:*:*
qemu
Version:
1.6.0
CPE:
cpe:2.3:a:qemu:qemu:1.6.0:rc0:*:*:*:*:*:*
qemu
Version:
2.1.2
CPE:
cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*
qemu
Version:
0.7.0
CPE:
cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
qemu
Version:
0.10.6
CPE:
cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*
qemu
Version:
0.8.0
CPE:
cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
qemu
Version:
0.10.4
CPE:
cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*
qemu
Version:
2.5.1.1
CPE:
cpe:2.3:a:qemu:qemu:2.5.1.1:*:*:*:*:*:*:*
qemu
Version:
0.10.0
CPE:
cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*
qemu
Version:
0.9.1
CPE:
cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
qemu
Version:
1.2.0
CPE:
cpe:2.3:a:qemu:qemu:1.2.0:rc0:*:*:*:*:*:*
qemu
Version:
1.1.2\+dfsg
CPE:
cpe:2.3:a:qemu:qemu:1.1.2\+dfsg:*:*:*:*:*:*:*
qemu
Version:
0.10.1
CPE:
cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*
qemu
Version:
1.0.1
CPE:
cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*
qemu
Version:
2.0.0
CPE:
cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*
qemu
Version:
0.12.3
CPE:
cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*
qemu
Version:
0.5.0
CPE:
cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
qemu
Version:
2.6.2
CPE:
cpe:2.3:a:qemu:qemu:2.6.2:*:*:*:*:*:*:*
qemu
Version:
0.11.0-rc0
CPE:
cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*
qemu
Version:
0.10.3
CPE:
cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*
qemu
Version:
2.5.0
CPE:
cpe:2.3:a:qemu:qemu:2.5.0:rc3:*:*:*:*:*:*
qemu
Version:
0.5.2
CPE:
cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
qemu
Version:
0.15.1
CPE:
cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*
qemu
Version:
1.4.2
CPE:
cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*
qemu
Version:
0.7.2
CPE:
cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
qemu
Version:
2.1.0
CPE:
cpe:2.3:a:qemu:qemu:2.1.0:rc4:*:*:*:*:*:*
qemu
Version:
0.7.1
CPE:
cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
qemu
Version:
0.1.1
CPE:
cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
qemu
Version:
2.6.1
CPE:
cpe:2.3:a:qemu:qemu:2.6.1:*:*:*:*:*:*:*
qemu
Version:
1.5.3
CPE:
cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*
qemu
Version:
0.3.0
CPE:
cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
qemu
Version:
0.11.0-rc2
CPE:
cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*
qemu
Version:
2.1.1
CPE:
cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*
qemu
Version:
0.15.0
CPE:
cpe:2.3:a:qemu:qemu:0.15.0:rc0:*:*:*:*:*:*
qemu
Version:
0.9.0
CPE:
cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
qemu
Version:
1.6.1
CPE:
cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*
qemu
Version:
0.12.0
CPE:
cpe:2.3:a:qemu:qemu:0.12.0:rc0:*:*:*:*:*:*
qemu
Version:
2.0.2
CPE:
cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*
qemu
Version:
0.1.2
CPE:
cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
linux_enterprise_server
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
linux_enterprise_desktop
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
linux_enterprise_server_for_sap
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:sp5:*:*:*:*:*:*
linux_enterprise_software_development_kit
Version:
12
CPE:
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
This vulnerability affects 111 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6acve@mitre.org
-
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.htmlcve@mitre.org Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.htmlcve@mitre.org Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/02/07/3cve@mitre.org Mailing List Patch Third Party Advisory
-
http://www.securityfocus.com/bid/96112cve@mitre.org Third Party Advisory VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:1856cve@mitre.org Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2392cve@mitre.org Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1419699cve@mitre.org Issue Tracking Patch
-
https://security.gentoo.org/glsa/201702-28cve@mitre.org Patch Third Party Advisory VDB Entry
-
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6aaf854a3a-2127-422b-91ae-364da2661108
-
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/02/07/3af854a3a-2127-422b-91ae-364da2661108 Mailing List Patch Third Party Advisory
-
http://www.securityfocus.com/bid/96112af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:1856af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2392af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1419699af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Patch
-
https://security.gentoo.org/glsa/201702-28af854a3a-2127-422b-91ae-364da2661108 Patch Third Party Advisory VDB Entry
Severity Details
5.5
out of 10.0
Medium
Weakness Type (CWE)
CWE-190
Top 25 #22
Integer Overflow or Wraparound
- Description
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value…
- Exploit Likelihood
- Medium
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- March 15, 2017
