Divide By Zero Affecting qemu-project/qemu package, versions [,0.11.0-rc1)


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.09% (27th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-QEMUPROJECTQEMU-3006897
  • published26 Jan 2022
  • disclosed2 May 2007
  • creditUnknown

Introduced: 2 May 2007

CVE-2007-1366  (opens in a new tab)
CWE-369  (opens in a new tab)

How to fix?

Upgrade qemu-project/qemu to version 0.11.0-rc1 or higher.

Overview

Affected versions of this package are vulnerable to Divide By Zero. QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

CVSS Base Scores

version 3.1