Base Score

MEDIUM4.4

CVE-2017-11334

The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.

VectorLOCAL

Published Bycve@mitre.org

Published DateAug 02, 2017, 19:29

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

4.4

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

Base Score

MEDIUM4.4

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

4.4

Vector String

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH