7 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-8284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size...
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...
unicorn/fuzz_emu_x86_64: Use-of-uninitialized-value in disas_insn
Project: https://github.com/unicorn-engine/unicorn.git Detailed report: https://oss-fuzz.com/testcase?key=5706737298964480 Project: unicorn Fuzzer: libFuzzer_unicorn_fuzz_emu_x86_64 Fuzz target binary: fuzz_emu_x86_64 Job Type: libfuzzer_msan_unicorn Platform Id: linux Crash Type: Use-of-uninitialized-valu...
Code injection
DISPUTED The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as...
CVE-2017-8284
CVE-2017-8284 affects QEMU prior to 2.9.0. The vulnerable component is the disas_insn function in target/i386/translate.c, which in TCG mode without hardware acceleration does not limit instruction size. This can enable a local user to gain privileges by creating a modified basic block that injec...
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated...