ID CVE-2018-10908
Summary It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:virtualization:4.0
CVSS
Base: 7.1
Impact:
Exploitability:
CWE CWE-399
CAPEC
redhat via4
advisories
rhsa
id RHEA-2018:2624
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908
misc
Last major update 09-08-2018 - 15:29
Published 09-08-2018 - 15:29
Last modified 10-10-2018 - 14:01