Quick emulator built with the IDE disk and CD/DVD-ROM Emulator support is vulnerable to a null pointer dereference issue. It could occur while flushing an empty CDROM device drive. A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/08/21/2
Acknowledgments: Name: Ryan Salsamendi (Palo Alto Networks PSIRT)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1483536]
qemu-2.9.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.