Critical severity10.0NVD Advisory· Published Nov 17, 2017· Updated May 13, 2026

CVE-2017-16845

Description

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

QEMU/Qemu
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Range: <=2.11.2
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.