ID CVE-2017-15118
Summary A stack-based buffer overflow vulnerability was found in the NBD server implementation in QEMU before 2.11. A client can request an export name of up to 4096 bytes, whereas the server's buffer for it should limit the name to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. Note that the Ubuntu advisory quoted below reports only Ubuntu 17.10 as affected and the Packet Storm entry is titled against QEMU 2.10, so the version list under Vulnerable Configurations is broader than the affected range those sources describe.
Vulnerable Configurations
  • QEMU
    cpe:2.3:a:qemu:qemu
  • QEMU 0.1
    cpe:2.3:a:qemu:qemu:0.1
  • QEMU 0.1.0
    cpe:2.3:a:qemu:qemu:0.1.0
  • QEMU 0.1.1
    cpe:2.3:a:qemu:qemu:0.1.1
  • QEMU 0.1.2
    cpe:2.3:a:qemu:qemu:0.1.2
  • QEMU 0.1.3
    cpe:2.3:a:qemu:qemu:0.1.3
  • QEMU 0.1.4
    cpe:2.3:a:qemu:qemu:0.1.4
  • QEMU 0.1.5
    cpe:2.3:a:qemu:qemu:0.1.5
  • QEMU 0.1.6
    cpe:2.3:a:qemu:qemu:0.1.6
  • QEMU 0.2
    cpe:2.3:a:qemu:qemu:0.2
  • QEMU 0.2.0
    cpe:2.3:a:qemu:qemu:0.2.0
  • QEMU 0.3
    cpe:2.3:a:qemu:qemu:0.3
  • QEMU 0.3.0
    cpe:2.3:a:qemu:qemu:0.3.0
  • QEMU 0.4
    cpe:2.3:a:qemu:qemu:0.4
  • QEMU 0.4.0
    cpe:2.3:a:qemu:qemu:0.4.0
  • QEMU 0.4.1
    cpe:2.3:a:qemu:qemu:0.4.1
  • QEMU 0.4.2
    cpe:2.3:a:qemu:qemu:0.4.2
  • QEMU 0.4.3
    cpe:2.3:a:qemu:qemu:0.4.3
  • QEMU 0.4.4
    cpe:2.3:a:qemu:qemu:0.4.4
  • QEMU 0.5.0
    cpe:2.3:a:qemu:qemu:0.5.0
  • QEMU 0.5.1
    cpe:2.3:a:qemu:qemu:0.5.1
  • QEMU 0.5.2
    cpe:2.3:a:qemu:qemu:0.5.2
  • QEMU 0.5.3
    cpe:2.3:a:qemu:qemu:0.5.3
  • QEMU 0.5.4
    cpe:2.3:a:qemu:qemu:0.5.4
  • QEMU 0.5.5
    cpe:2.3:a:qemu:qemu:0.5.5
  • QEMU 0.6.0
    cpe:2.3:a:qemu:qemu:0.6.0
  • QEMU 0.6.1
    cpe:2.3:a:qemu:qemu:0.6.1
  • QEMU 0.7.0
    cpe:2.3:a:qemu:qemu:0.7.0
  • QEMU 0.7.1
    cpe:2.3:a:qemu:qemu:0.7.1
  • QEMU 0.7.2
    cpe:2.3:a:qemu:qemu:0.7.2
  • QEMU 0.8.0
    cpe:2.3:a:qemu:qemu:0.8.0
  • QEMU 0.8.1
    cpe:2.3:a:qemu:qemu:0.8.1
  • QEMU 0.8.2
    cpe:2.3:a:qemu:qemu:0.8.2
  • QEMU 0.9.0
    cpe:2.3:a:qemu:qemu:0.9.0
  • QEMU 0.9.1
    cpe:2.3:a:qemu:qemu:0.9.1
  • QEMU 0.9.1-5
    cpe:2.3:a:qemu:qemu:0.9.1-5
  • QEMU 0.10.0
    cpe:2.3:a:qemu:qemu:0.10.0
  • QEMU 0.10.1
    cpe:2.3:a:qemu:qemu:0.10.1
  • QEMU 0.10.2
    cpe:2.3:a:qemu:qemu:0.10.2
  • QEMU 0.10.3
    cpe:2.3:a:qemu:qemu:0.10.3
  • QEMU 0.10.4
    cpe:2.3:a:qemu:qemu:0.10.4
  • QEMU 0.10.5
    cpe:2.3:a:qemu:qemu:0.10.5
  • QEMU 0.10.6
    cpe:2.3:a:qemu:qemu:0.10.6
  • QEMU 0.11.0
    cpe:2.3:a:qemu:qemu:0.11.0
  • QEMU 0.11.0-rc0
    cpe:2.3:a:qemu:qemu:0.11.0:rc0
  • QEMU 0.11.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.11.0:rc1
  • QEMU 0.11.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.11.0:rc2
  • QEMU 0.11.0-rc0
    cpe:2.3:a:qemu:qemu:0.11.0-rc0
  • QEMU 0.11.0-rc1
    cpe:2.3:a:qemu:qemu:0.11.0-rc1
  • QEMU 0.11.0-rc2
    cpe:2.3:a:qemu:qemu:0.11.0-rc2
  • QEMU 0.11.1
    cpe:2.3:a:qemu:qemu:0.11.1
  • QEMU 0.12.0
    cpe:2.3:a:qemu:qemu:0.12.0
  • QEMU 0.12.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.12.0:rc1
  • QEMU 0.12.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.12.0:rc2
  • QEMU 0.12.1
    cpe:2.3:a:qemu:qemu:0.12.1
  • QEMU 0.12.2
    cpe:2.3:a:qemu:qemu:0.12.2
  • QEMU 0.12.3
    cpe:2.3:a:qemu:qemu:0.12.3
  • QEMU 0.12.4
    cpe:2.3:a:qemu:qemu:0.12.4
  • QEMU 0.12.5
    cpe:2.3:a:qemu:qemu:0.12.5
  • QEMU 0.13.0
    cpe:2.3:a:qemu:qemu:0.13.0
  • QEMU 0.13.0 release candidate 0
    cpe:2.3:a:qemu:qemu:0.13.0:rc0
  • QEMU 0.13.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.13.0:rc1
  • QEMU 0.14.0
    cpe:2.3:a:qemu:qemu:0.14.0
  • QEMU 0.14.0 release candidate 0
    cpe:2.3:a:qemu:qemu:0.14.0:rc0
  • QEMU 0.14.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.14.0:rc1
  • QEMU 0.14.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.14.0:rc2
  • QEMU 0.14.1
    cpe:2.3:a:qemu:qemu:0.14.1
  • QEMU 0.15.0
    cpe:2.3:a:qemu:qemu:0.15.0
  • QEMU 0.15.0 release candidate 1
    cpe:2.3:a:qemu:qemu:0.15.0:rc1
  • QEMU 0.15.0 release candidate 2
    cpe:2.3:a:qemu:qemu:0.15.0:rc2
  • QEMU 0.15.1
    cpe:2.3:a:qemu:qemu:0.15.1
  • QEMU 0.15.2
    cpe:2.3:a:qemu:qemu:0.15.2
  • QEMU 1.0
    cpe:2.3:a:qemu:qemu:1.0
  • QEMU 1.0 release candidate 1
    cpe:2.3:a:qemu:qemu:1.0:rc1
  • QEMU 1.0 release candidate 2
    cpe:2.3:a:qemu:qemu:1.0:rc2
  • QEMU 1.0 release candidate 3
    cpe:2.3:a:qemu:qemu:1.0:rc3
  • QEMU 1.0 release candidate 4
    cpe:2.3:a:qemu:qemu:1.0:rc4
  • QEMU 1.0.1
    cpe:2.3:a:qemu:qemu:1.0.1
  • QEMU 1.1
    cpe:2.3:a:qemu:qemu:1.1
  • QEMU 1.1 release candidate 1
    cpe:2.3:a:qemu:qemu:1.1:rc1
  • QEMU 1.1 release candidate 2
    cpe:2.3:a:qemu:qemu:1.1:rc2
  • QEMU 1.1 release candidate 3
    cpe:2.3:a:qemu:qemu:1.1:rc3
  • QEMU 1.1 release candidate 4
    cpe:2.3:a:qemu:qemu:1.1:rc4
  • QEMU 1.1.0
    cpe:2.3:a:qemu:qemu:1.1.0
  • QEMU 1.1.1
    cpe:2.3:a:qemu:qemu:1.1.1
  • QEMU 1.1.2
    cpe:2.3:a:qemu:qemu:1.1.2
  • QEMU 1.2.0
    cpe:2.3:a:qemu:qemu:1.2.0
  • QEMU 1.2.1
    cpe:2.3:a:qemu:qemu:1.2.1
  • QEMU 1.2.2
    cpe:2.3:a:qemu:qemu:1.2.2
  • QEMU 1.3.0
    cpe:2.3:a:qemu:qemu:1.3.0
  • QEMU 1.3.1
    cpe:2.3:a:qemu:qemu:1.3.1
  • QEMU 1.4.0
    cpe:2.3:a:qemu:qemu:1.4.0
  • QEMU 1.4.1
    cpe:2.3:a:qemu:qemu:1.4.1
  • QEMU 1.4.2
    cpe:2.3:a:qemu:qemu:1.4.2
  • QEMU 1.5.0
    cpe:2.3:a:qemu:qemu:1.5.0
  • QEMU 1.5.0 release candidate 1
    cpe:2.3:a:qemu:qemu:1.5.0:rc1
  • QEMU 1.5.0 release candidate 2
    cpe:2.3:a:qemu:qemu:1.5.0:rc2
  • QEMU 1.5.0 release candidate 3
    cpe:2.3:a:qemu:qemu:1.5.0:rc3
  • QEMU 1.5.1
    cpe:2.3:a:qemu:qemu:1.5.1
  • QEMU 1.5.2
    cpe:2.3:a:qemu:qemu:1.5.2
  • QEMU 1.5.3
    cpe:2.3:a:qemu:qemu:1.5.3
  • QEMU 1.6.0
    cpe:2.3:a:qemu:qemu:1.6.0
  • QEMU 1.6.0 release candidate 1
    cpe:2.3:a:qemu:qemu:1.6.0:rc1
  • QEMU 1.6.0 release candidate 2
    cpe:2.3:a:qemu:qemu:1.6.0:rc2
  • QEMU 1.6.0 release candidate 3
    cpe:2.3:a:qemu:qemu:1.6.0:rc3
  • QEMU 1.6.1
    cpe:2.3:a:qemu:qemu:1.6.1
  • QEMU 1.6.2
    cpe:2.3:a:qemu:qemu:1.6.2
  • QEMU 1.7.0
    cpe:2.3:a:qemu:qemu:1.7.0
  • QEMU 1.7.1
    cpe:2.3:a:qemu:qemu:1.7.1
  • QEMU 1.7.2
    cpe:2.3:a:qemu:qemu:1.7.2
  • QEMU 2.0.0
    cpe:2.3:a:qemu:qemu:2.0.0
  • QEMU 2.0.0 release candidate 0
    cpe:2.3:a:qemu:qemu:2.0.0:rc0
  • QEMU 2.0.0 release candidate 1
    cpe:2.3:a:qemu:qemu:2.0.0:rc1
  • QEMU 2.0.0 release candidate 2
    cpe:2.3:a:qemu:qemu:2.0.0:rc2
  • QEMU 2.0.0 release candidate 3
    cpe:2.3:a:qemu:qemu:2.0.0:rc3
  • QEMU 2.0.1
    cpe:2.3:a:qemu:qemu:2.0.1
  • QEMU 2.0.2
    cpe:2.3:a:qemu:qemu:2.0.2
  • QEMU 2.1.0
    cpe:2.3:a:qemu:qemu:2.1.0
  • QEMU 2.1.0 release candidate 0
    cpe:2.3:a:qemu:qemu:2.1.0:rc0
  • QEMU 2.1.0 release candidate 1
    cpe:2.3:a:qemu:qemu:2.1.0:rc1
  • QEMU 2.1.0 release candidate 2
    cpe:2.3:a:qemu:qemu:2.1.0:rc2
  • QEMU 2.1.0 release candidate 3
    cpe:2.3:a:qemu:qemu:2.1.0:rc3
  • QEMU 2.1.0 release candidate 5
    cpe:2.3:a:qemu:qemu:2.1.0:rc5
  • QEMU 2.1.1
    cpe:2.3:a:qemu:qemu:2.1.1
  • QEMU 2.1.2
    cpe:2.3:a:qemu:qemu:2.1.2
  • QEMU 2.1.3
    cpe:2.3:a:qemu:qemu:2.1.3
  • QEMU 2.2.0
    cpe:2.3:a:qemu:qemu:2.2.0
  • QEMU 2.2.1
    cpe:2.3:a:qemu:qemu:2.2.1
  • QEMU 2.3.0
    cpe:2.3:a:qemu:qemu:2.3.0
  • QEMU 2.3.1
    cpe:2.3:a:qemu:qemu:2.3.1
  • QEMU 2.4.0
    cpe:2.3:a:qemu:qemu:2.4.0
  • QEMU 2.4.0.1
    cpe:2.3:a:qemu:qemu:2.4.0.1
  • QEMU 2.4.1
    cpe:2.3:a:qemu:qemu:2.4.1
  • QEMU 2.5.0
    cpe:2.3:a:qemu:qemu:2.5.0
  • QEMU 2.5.1
    cpe:2.3:a:qemu:qemu:2.5.1
  • QEMU 2.5.1.1
    cpe:2.3:a:qemu:qemu:2.5.1.1
  • QEMU 2.6.0
    cpe:2.3:a:qemu:qemu:2.6.0
  • QEMU 2.6.1
    cpe:2.3:a:qemu:qemu:2.6.1
  • QEMU 2.6.2
    cpe:2.3:a:qemu:qemu:2.6.2
  • QEMU 2.7.0
    cpe:2.3:a:qemu:qemu:2.7.0
  • QEMU 2.7.1
    cpe:2.3:a:qemu:qemu:2.7.1
  • QEMU 2.8.0
    cpe:2.3:a:qemu:qemu:2.8.0
  • QEMU 2.8.1
    cpe:2.3:a:qemu:qemu:2.8.1
  • QEMU 2.8.1.1
    cpe:2.3:a:qemu:qemu:2.8.1.1
  • QEMU 2.9.0
    cpe:2.3:a:qemu:qemu:2.9.0
  • QEMU 2.9.1
    cpe:2.3:a:qemu:qemu:2.9.1
  • QEMU 2.10.0
    cpe:2.3:a:qemu:qemu:2.10.0
  • QEMU 2.10.1
    cpe:2.3:a:qemu:qemu:2.10.1
  • QEMU 2.10.2
    cpe:2.3:a:qemu:qemu:2.10.2
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-787
CAPEC
exploit-db via4
description QEMU - NBD Server Long Export Name Stack Buffer Overflow. CVE-2017-15118. DoS exploit for Linux platform. Tags: Buffer Overflow
file exploits/linux/dos/43194.txt
id EDB-ID:43194
last seen 2017-11-29
modified 2017-11-29
platform linux
port
published 2017-11-29
reporter Exploit-DB
source https://www.exploit-db.com/download/43194/
title QEMU - NBD Server Long Export Name Stack Buffer Overflow
type dos
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3575-2.NASL
    description USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory details :
      It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334)
      David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672)
      Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167)
      Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038)
      Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118)
      Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)
      Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124)
      Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268)
      Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)
      Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845)
      It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)
      Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)
      Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683).
      Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107145
    published 2018-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107145
    title Ubuntu 14.04 LTS / 16.04 LTS : qemu regression (USN-3575-2)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1104.NASL
    description An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev (2.10.0). (BZ#1470749)
      Security Fix(es) :
      * Qemu: stack-based buffer overflow in NBD server triggered via long export name (CVE-2017-15118)
      * Qemu: DoS via large option request (CVE-2017-15119)
      * Qemu: vga: OOB read access during display update (CVE-2017-13672)
      * Qemu: vga: reachable assert failure during display update (CVE-2017-13673)
      * Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)
      * Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)
      * Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)
      * Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)
      For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank David Buchanan for reporting CVE-2017-13672 and CVE-2017-13673; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15118 and CVE-2017-15119 issues were discovered by Eric Blake (Red Hat) and the CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109070
    published 2018-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109070
    title RHEL 7 : Virtualization (RHSA-2018:1104)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3575-1.NASL
    description It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334)
      David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672)
      Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167)
      Tuomas Tynkkynen discovered that QEMU incorrectly handled VirtFS directory sharing. An attacker could use this issue to obtain sensitive information from host memory. (CVE-2017-15038)
      Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118)
      Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)
      Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124)
      Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268)
      Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)
      Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845)
      It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)
      Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)
      Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683).
      Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106927
    published 2018-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106927
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : qemu vulnerabilities (USN-3575-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/145154/qemunbd-overflow.txt
id PACKETSTORM:145154
last seen 2017-12-01
published 2017-11-29
reporter Eric Blake
source https://packetstormsecurity.com/files/145154/QEMU-2.10-Buffer-Overflow.html
title QEMU 2.10 Buffer Overflow
redhat via4
advisories
rhsa
id RHSA-2018:1104
refmap via4
bid 101975
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118
misc
ubuntu USN-3575-1
Last major update 27-07-2018 - 17:29
Published 27-07-2018 - 17:29
Last modified 24-09-2018 - 09:37