vulnerability
Oracle Linux: CVE-2017-9503: ELSA-2018-4285: qemu security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:M/Au:N/C:N/I:N/A:P) | May 10, 2017 | May 15, 2019 | Dec 3, 2025 |
Severity
2
CVSS
(AV:L/AC:M/Au:N/C:N/I:N/A:P)
Published
May 10, 2017
Added
May 15, 2019
Modified
Dec 3, 2025
Description
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
Solutions
oracle-linux-upgrade-ivshmem-toolsoracle-linux-upgrade-qemuoracle-linux-upgrade-qemu-block-glusteroracle-linux-upgrade-qemu-block-iscsioracle-linux-upgrade-qemu-block-rbdoracle-linux-upgrade-qemu-commonoracle-linux-upgrade-qemu-imgoracle-linux-upgrade-qemu-kvmoracle-linux-upgrade-qemu-kvm-coreoracle-linux-upgrade-qemu-system-aarch64oracle-linux-upgrade-qemu-system-aarch64-coreoracle-linux-upgrade-qemu-system-x86oracle-linux-upgrade-qemu-system-x86-core
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.