CVE-2017-8086

MEDIUM

Qemu < 2.8.1 - Resource Leak

Title source: rule

Description

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.

References (7)

Scores

CVSS v3 6.5
EPSS 0.0008
EPSS Percentile 22.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Classification

CWE
CWE-772
Status published

Affected Products (7)

qemu/qemu < 2.8.1
qemu/qemu
qemu/qemu
qemu/qemu
qemu/qemu
debian/debian_linux
n/a/n/a

Timeline

Published May 02, 2017
Tracked Since Feb 18, 2026