ID CVE-2018-17958
Summary Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
References
Vulnerable Configurations
  • QEMU
    cpe:2.3:a:qemu:qemu
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Canonical Ubuntu Linux 18.10
    cpe:2.3:o:canonical:ubuntu_linux:18.10
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1646.NASL
    description Several vulnerabilities were found in QEMU, a fast processor emulator : CVE-2018-17958 The rtl8139 emulator is affected by an integer overflow and subsequent buffer overflow. This vulnerability might be triggered by remote attackers with crafted packets to perform denial of service (via OOB stack buffer access). CVE-2018-19364 The 9pfs subsystem is affected by a race condition allowing threads to modify an fid path while it is being accessed by another thread, leading to (for example) a use-after-free outcome. This vulnerability might be triggered by local attackers to perform denial of service. CVE-2018-19489 The 9pfs subsystem is affected by a race condition during file renaming. This vulnerability might be triggered by local attackers to perform denial of service. For Debian 8 'Jessie', these problems have been fixed in version 1:2.1+dfsg-12+deb8u9. We recommend that you upgrade your qemu packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-30
    plugin id 121436
    published 2019-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121436
    title Debian DLA-1646-1 : qemu security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3987-1.NASL
    description This update for kvm fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-06
    plugin id 119456
    published 2018-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119456
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:3987-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-13921-1.NASL
    description This update for xen fixes the following issues : Security vulnerabilities fixed : CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges, may cause a Denial of Service (DoS) affecting the entire host, or may be able to access data it is not supposed to access. (XSA-275) (bsc#1115040) CVE-2018-19965: Fixed an issue related to the INVPCID instruction in case non-canonical addresses are accessed, which may allow a guest to cause Xen to crash, resulting in a Denial of Service (DoS) affecting the entire host. (XSA-279) (bsc#1115045) CVE-2018-19966: Fixed an issue related to a previous fix for XSA-240, which conflicted with shadow paging and allowed a guest to cause Xen to crash, resulting in a Denial of Service (DoS) (XSA-280) (bsc#1115047) CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS). (XSA-282) (bsc#1114988) CVE-2018-19665: Fixed an integer overflow resulting in memory corruption in various Bluetooth functions, allowing this to crash qemu process resulting in Denial of Service (DoS). (bsc#1117756). CVE-2018-18849: Fixed an out of bounds memory access in the LSI53C895A SCSI host bus adapter emulation, which allowed a user and/or process to crash the qemu process resulting in a Denial of Service (DoS). (bsc#1114423) Fixed an integer overflow in ccid_card_vscard_read(), which allowed for memory corruption. (bsc#1112188) CVE-2017-13672: Fixed an out of bounds read access during display update (bsc#1056336) CVE-2018-17958: Fixed an integer overflow leading to a buffer overflow in the rtl8139 component (bsc#1111007) CVE-2018-17962: Fixed an integer overflow leading to a buffer overflow in the pcnet component (bsc#1111011) CVE-2018-17963: Fixed an integer overflow in relation to large packet sizes, leading to a denial of service (DoS). (bsc#1111014) CVE-2018-10839: Fixed an integer overflow leading to a buffer overflow in the ne2000 component (bsc#1110924) Other bugs fixed: Fixed an issue related to a domU hang on SLE12-SP3 HV (bsc#1108940) Upstream bug fixes (bsc#1027519) Fixed crashing VMs when migrating between dom0 hosts (bsc#1031382) Fixed an issue with xpti=no-dom0 not working as expected (bsc#1105528) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-08
    plugin id 121004
    published 2019-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121004
    title SUSE SLES11 Security Update : xen (SUSE-SU-2019:13921-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4237-1.NASL
    description This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 119872
    published 2018-12-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119872
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:4237-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3912-1.NASL
    description This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119215
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119215
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:3912-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4129-1.NASL
    description This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Non-security issues fixed: Improving disk performance for qemu on xen (bsc#1100408) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 119741
    published 2018-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119741
    title SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:4129-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1563.NASL
    description This update for qemu fixes the following issues : Security issues fixed : - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Non-security issues fixed : - Improving disk performance for qemu on xen (bsc#1100408) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-12-17
    plugin id 119717
    published 2018-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119717
    title openSUSE Security Update : qemu (openSUSE-2018-1563)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3973-1.NASL
    description This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-06
    plugin id 119453
    published 2018-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119453
    title SUSE SLES12 Security Update : qemu (SUSE-SU-2018:3973-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-4185-1.NASL
    description This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations (bsc#1114529). Non-security issue fixed: Fixed a condition when retry logic does not have been executed in case of data transmit failure or connection hungup (bsc#1108474). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 119763
    published 2018-12-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119763
    title SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:4185-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3975-1.NASL
    description This update for kvm fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). CVE-2018-18438: Fixed integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value (bnc#1112185). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-06
    plugin id 119454
    published 2018-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119454
    title SUSE SLES11 Security Update : kvm (SUSE-SU-2018:3975-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3927-1.NASL
    description This update for qemu fixes the following issues : Security issues fixed : CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process (bsc#1114529). CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Non-security issues fixed: Fix slowness in arm32 emulation (bsc#1112499). In order to improve spectre mitigation for s390x, add a new feature in the QEMU cpu model to provide the etoken cpu feature for guests (bsc#1107489). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120171
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120171
    title SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2018:3927-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3826-1.NASL
    description Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-end. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-11806) Fakhri Zulkifli discovered that the QEMU guest agent incorrectly handled certain QMP commands. An attacker could possibly use this issue to crash the QEMU guest agent, resulting in a denial of service. (CVE-2018-12617) Li Qiang discovered that QEMU incorrectly handled NVM Express Controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled RTL8139 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958) Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled PCNET device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962) Daniel Shapira discovered that QEMU incorrectly handled large packet sizes. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17963) It was discovered that QEMU incorrectly handled LSI53C895A device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-18849) Moguofang discovered that QEMU incorrectly handled the IPowerNV LPC controller. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-18954) Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System support. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-19364). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119216
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119216
    title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : qemu vulnerabilities (USN-3826-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-87F2ACE20D.NASL
    description - Fix cpu model crash on AMD hosts (bz #1640140) - CVE-2018-15746: seccomp blacklist is not applied to all threads (bz #1618357) - Fix assertion in address_space_stw_le_cached (bz #1644728) - CVE-2018-10839: ne2000: fix possible out of bound access (bz #1636429) - CVE-2018-17958: rtl8139: fix possible out of bound access (bz #1636729) - CVE-2018-17962: pcnet: fix possible buffer overflow (bz #1636775) - CVE-2018-17963: net: ignore packet size greater than INT_MAX (bz #1636782) - CVE-2018-18849: lsi53c895a: OOB msg buffer access leads to DoS (bz #1644977) - CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb (bz #1645442) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120587
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120587
    title Fedora 29 : 2:qemu (2018-87f2ace20d)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1483.NASL
    description This update for qemu fixes the following issues : Security issues fixed : - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910). - CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222). - CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process (bsc#1114529). - CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006). - CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010). - CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. (bsc#1111013) - CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422). Non-security issues fixed : - Fix slowness in arm32 emulation (bsc#1112499). - In order to improve spectre mitigation for s390x, add a new feature in the QEMU cpu model to provide the etoken cpu feature for guests (bsc#1107489). This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119491
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119491
    title openSUSE Security Update : qemu (openSUSE-2018-1483)
refmap via4
bid 105556
bugtraq 20190531 [SECURITY] [DSA 4454-1] qemu security update
debian DSA-4454
mlist
  • [debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update
  • [oss-security] 20181008 Qemu: integer overflow issues
  • [qemu-devel] 20180926 [PULL 22/25] rtl8139: fix possible out of bound access
ubuntu USN-3826-1
Last major update 09-10-2018 - 18:29
Published 09-10-2018 - 18:29
Last modified 31-05-2019 - 10:29
Back to Top