Vulnerability Details: CVE-2017-5898
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Unit (APDU).
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2017-5898
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:ltss:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server_for_sap:12:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-5898
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-5898
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2017-5898
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-5898
- https://access.redhat.com/errata/RHSA-2017:2392
  RHSA-2017:2392 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:1856
  RHSA-2017:1856 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://security.gentoo.org/glsa/201702-28
  QEMU: Multiple vulnerabilities (GLSA 201702-28) — Gentoo security (Patch; Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2017/02/07/3
  oss-security - Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest (Mailing List; Patch; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html
  [security-announce] SUSE-SU-2017:0582-1: important: Security update for (Third Party Advisory)
- http://www.securityfocus.com/bid/96112
  QEMU 'hw/usb/dev-smartcard-reader.c' Integer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html
  [security-announce] SUSE-SU-2017:0570-1: important: Security update for (Third Party Advisory)
- http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
  git.qemu.org Git - qemu.git/commit (Issue Tracking; Patch; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1419699
  1419699 – (CVE-2017-5898) CVE-2017-5898 Qemu: usb: integer overflow in emulated_apdu_from_guest (Issue Tracking; Patch)