CVE-2017-9375

QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	*	2.8.1.1 (including)
Qemu	Ubuntu	trusty	*
Qemu	Ubuntu	xenial	*
Qemu	Ubuntu	yakkety	*
Qemu	Ubuntu	zesty	*
Qemu-kvm	Ubuntu	precise/esm	*
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 10.0 (Newton)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 11.0 (Ocata)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 8.0 (Liberty)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat OpenStack Platform 9.0 (Mitaka)	RedHat	qemu-kvm-rhev-10:2.9.0-10.el7	*
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7	RedHat	qemu-kvm-rhev-10:2.9.0-14.el7	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-9375
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References