Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QEMU 安全漏洞
Vulnerability Description
QEMU(又名Quick Emulator)是法国程序员法布里斯-贝拉(Fabrice Bellard)所研发的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 2.9.0之前的版本中的target/i386/translate.c文件的‘disas_insn’函数存在安全漏洞,该漏洞源于程序没有限制指令的大小。本地攻击者可通过创建特制的基本块数据利用该漏洞获取权限。
CVSS Information
N/A
Vulnerability Type
N/A