製品・ソフトウェアに関する情報

JVN脆弱性詳細

QEMU における仮想マシンがクラッシュされる脆弱性

Title	QEMU における仮想マシンがクラッシュされる脆弱性
Summary	QEMU には、仮想マシンがクラッシュされる脆弱性が存在します。
Possible impacts	ローカルユーザにより、aam 命令への除数演算数を介して、ゼロ除算エラーを誘発され、仮想マシンをクラッシュされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 2, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

CVSS2.0 : 警告
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C

Affected System

Fabrice Bellard

QEMU 0.8.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-1366	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1366
National Vulnerability Database (NVD)
2	CVE-2007-1366	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1366

ベンダー情報

No	Name	URL
QEMU
1	Top Page	http://wiki.qemu.org/Index.html

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-1366

Summary	QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
Summary	QEMU 0.8.2 permite a usuarios locales colgar una máquina virtual mediante el operando divisor en la instrucción aam, como se ha demostrado "aam 0x0", la cual dispara un error de división por cero.
Publication Date	May 3, 2007, 2:19 a.m.
Registration Date	Jan. 29, 2021, 2:08 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:qemu:qemu:0.8.2:::::::*
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html	cve@mitre.org
2	http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html	cve@mitre.org
3	http://osvdb.org/35498	cve@mitre.org
4	http://secunia.com/advisories/25073	cve@mitre.org
5	http://secunia.com/advisories/25095	cve@mitre.org
6	http://secunia.com/advisories/29129	cve@mitre.org
7	http://taviso.decsystem.org/virtsec.pdf	cve@mitre.org
8	http://www.debian.org/security/2007/dsa-1284	cve@mitre.org
9	http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	cve@mitre.org
10	http://www.securityfocus.com/bid/23731	cve@mitre.org
11	http://www.vupen.com/english/advisories/2007/1597	cve@mitre.org
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/34046	cve@mitre.org
13	http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html	af854a3a-2127-422b-91ae-364da2661108
14	http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html	af854a3a-2127-422b-91ae-364da2661108
15	http://osvdb.org/35498	af854a3a-2127-422b-91ae-364da2661108
16	http://secunia.com/advisories/25073	af854a3a-2127-422b-91ae-364da2661108
17	http://secunia.com/advisories/25095	af854a3a-2127-422b-91ae-364da2661108
18	http://secunia.com/advisories/29129	af854a3a-2127-422b-91ae-364da2661108
19	http://taviso.decsystem.org/virtsec.pdf	af854a3a-2127-422b-91ae-364da2661108
20	http://www.debian.org/security/2007/dsa-1284	af854a3a-2127-422b-91ae-364da2661108
21	http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	af854a3a-2127-422b-91ae-364da2661108
22	http://www.securityfocus.com/bid/23731	af854a3a-2127-422b-91ae-364da2661108
23	http://www.vupen.com/english/advisories/2007/1597	af854a3a-2127-422b-91ae-364da2661108
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/34046	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List