CVE-2017-8284

by Fred · 26/04/2017

** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."

Date published : 2017-04-26

https://bugs.chromium.org/p/project-zero/issues/detail?id=1122

https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14

CVE-2017-8284

Similar

Recent Posts

Categories

CVE-2017-8284

Share this:

Similar

Recent Posts

Categories

Tags