Vulnerability-Lookup

CVE-2018-7550 (GCVE-0-2018-7550)

Vulnerability from cvelistv5 – Published: 2018-03-01 00:00 – Updated: 2024-08-05 06:31

Summary

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

11 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:1369	vendor-advisory
https://lists.gnu.org/archive/html/qemu-devel/201…	mailing-list
https://lists.debian.org/debian-lts-announce/2018…	mailing-list
https://usn.ubuntu.com/3649-1/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2018…	mailing-list
https://www.debian.org/security/2018/dsa-4213	vendor-advisory
https://lists.debian.org/debian-lts-announce/2018…	mailing-list
http://www.securityfocus.com/bid/103181	vdb-entry
https://bugzilla.redhat.com/show_bug.cgi?id=1549798
https://access.redhat.com/errata/RHSA-2018:2462	vendor-advisory
https://github.com/orangecertcc/security-research…

Date Public ?

2018-02-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1369",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1369"
          },
          {
            "name": "[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
          },
          {
            "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
          },
          {
            "name": "USN-3649-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3649-1/"
          },
          {
            "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
          },
          {
            "name": "DSA-4213",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
          },
          {
            "name": "103181",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103181"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
          },
          {
            "name": "RHSA-2018:2462",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2462"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-02-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-30T21:56:51.639Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:1369",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1369"
        },
        {
          "name": "[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
        },
        {
          "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
        },
        {
          "name": "USN-3649-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3649-1/"
        },
        {
          "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
        },
        {
          "name": "DSA-4213",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4213"
        },
        {
          "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
        },
        {
          "name": "103181",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/103181"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
        },
        {
          "name": "RHSA-2018:2462",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2462"
        },
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7550",
    "datePublished": "2018-03-01T00:00:00.000Z",
    "dateReserved": "2018-02-27T00:00:00.000Z",
    "dateUpdated": "2024-08-05T06:31:04.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-7550",
      "date": "2026-05-21",
      "epss": "0.00084",
      "percentile": "0.24208"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.11.1\", \"matchCriteriaId\": \"1BADDD0F-A2EA-42DC-9EBC-7E35D48DD63C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33C068A4-3780-4EAB-A937-6082DF847564\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51EF4996-72F4-4FA4-814F-F5991E7A8318\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B353CE99-D57C-465B-AAB0-73EF581127D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7431ABC1-9252-419E-8CC1-311B41360078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21690BAC-2129-4A33-9B48-1F3BF30072A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n load_multiboot en hw/i386/multiboot.c en Quick Emulator (tambi\\u00e9n conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten c\\u00f3digo arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de l\\u00edmites.\"}]",
      "id": "CVE-2018-7550",
      "lastModified": "2024-11-21T04:12:20.860",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-03-01T17:29:00.523",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/103181\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1369\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2462\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1549798\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://usn.ubuntu.com/3649-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4213\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103181\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1369\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1549798\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://usn.ubuntu.com/3649-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7550\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-03-01T17:29:00.523\",\"lastModified\":\"2024-11-21T04:12:20.860\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n load_multiboot en hw/i386/multiboot.c en Quick Emulator (tambi\u00e9n conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten c\u00f3digo arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de l\u00edmites.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.1\",\"matchCriteriaId\":\"1BADDD0F-A2EA-42DC-9EBC-7E35D48DD63C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21690BAC-2129-4A33-9B48-1F3BF30072A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103181\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1369\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2462\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1549798\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://usn.ubuntu.com/3649-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4213\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1369\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1549798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://usn.ubuntu.com/3649-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

BDU:2018-01508

Vulnerability from fstec - Published: 28.02.2018

Title

Уязвимость функции load_multiboot эмулятора аппаратного обеспечения Qemu, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость функции load_multiboot (hw/i386/multiboot.c) эмулятора аппаратного обеспечения Qemu связана с ошибкой, приводящей к записи за пределами выделенного буфера памяти в ходе использования мультизагрузки. Эксплуатация уязвимости может позволить нарушителю выполненить произвольный код

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor

ООО «РусБИТех-Астра», Fabrice Bellard

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), QEMU

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), от 2.0.0 до 2.11.1 включительно (QEMU), 1.6 «Смоленск» (Astra Linux Special Edition)

Possible Mitigations

Для Qemu: Обновление программного обеспечения до 2.12.0 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета Qemu) до 2.8+dfsg-6+deb9u4 или более поздней версии Для ОС Astra Linux 1.6 «Смоленск»: обновить пакет qemu до 1:2.8+dfsg-6+deb9u5astra.se0 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-7550 https://security-tracker.debian.org/tracker/CVE-2018-7550 https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fabrice Bellard",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u043e\u0442 2.0.0 \u0434\u043e 2.11.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (QEMU), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Qemu:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e  2.12.0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 Qemu) \u0434\u043e 2.8+dfsg-6+deb9u4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 qemu \u0434\u043e 1:2.8+dfsg-6+deb9u5astra.se0 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=44892734",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.02.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.12.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-01508",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-7550",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), QEMU",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 load_multiboot \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Qemu, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438  \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 load_multiboot (hw/i386/multiboot.c) \u044d\u043c\u0443\u043b\u044f\u0442\u043e\u0440\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Qemu \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 \u0445\u043e\u0434\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u0443\u043b\u044c\u0442\u0438\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550\nhttps://security-tracker.debian.org/tracker/CVE-2018-7550\nhttps://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}

CNVD-2018-06513

Vulnerability from cnvd - Published: 2018-03-27

Title

Qemu 'load_multiboot'函数任意代码执行漏洞

Description

QEMU（又名Quick Emulator）是法国程序员法布里斯-贝拉（Fabrice Bellard）所研发的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU中的hw/i386/multiboot.c文件的'load_multiboot'函数存在安全漏洞。本地攻击者可借助大于mh_bss_end_addr的mh_load_end_addr值利用该漏洞在QEMU主机上执行任意代码。

Severity

中

Patch Name

Qemu 'load_multiboot'函数任意代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html

Reference

https://www.securityfocus.com/bid/103181/info

Impacted products

Name
QEMU QEMU 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103181"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7550"
    }
  },
  "description": "QEMU\uff08\u53c8\u540dQuick Emulator\uff09\u662f\u6cd5\u56fd\u7a0b\u5e8f\u5458\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nQEMU\u4e2d\u7684hw/i386/multiboot.c\u6587\u4ef6\u7684\u0027load_multiboot\u0027\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5927\u4e8emh_bss_end_addr\u7684mh_load_end_addr\u503c\u5229\u7528\u8be5\u6f0f\u6d1e\u5728QEMU\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Cyrille Chatras (Orange.com) and CERT-CC (Orange.com)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06513",
  "openTime": "2018-03-27",
  "patchDescription": "QEMU\uff08\u53c8\u540dQuick Emulator\uff09\u662f\u6cd5\u56fd\u7a0b\u5e8f\u5458\u6cd5\u5e03\u91cc\u65af-\u8d1d\u62c9\uff08Fabrice Bellard\uff09\u6240\u7814\u53d1\u7684\u4e00\u5957\u6a21\u62df\u5904\u7406\u5668\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u901f\u5ea6\u5feb\u3001\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nQEMU\u4e2d\u7684hw/i386/multiboot.c\u6587\u4ef6\u7684\u0027load_multiboot\u0027\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u501f\u52a9\u5927\u4e8emh_bss_end_addr\u7684mh_load_end_addr\u503c\u5229\u7528\u8be5\u6f0f\u6d1e\u5728QEMU\u4e3b\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Qemu \u0027load_multiboot\u0027\u51fd\u6570\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "QEMU QEMU 0"
  },
  "referenceLink": "https://www.securityfocus.com/bid/103181/info",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-01",
  "title": "Qemu \u0027load_multiboot\u0027\u51fd\u6570\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2018-7550

Vulnerability from fkie_nvd - Published: 2018-03-01 17:29 - Updated: 2024-11-21 04:12

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/103181	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:1369	Third Party Advisory
cve@mitre.org	https://access.redhat.com/errata/RHSA-2018:2462	Third Party Advisory
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=1549798	Issue Tracking, Vendor Advisory
cve@mitre.org	https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html	Mailing List, Patch
cve@mitre.org	https://usn.ubuntu.com/3649-1/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2018/dsa-4213	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103181	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:1369	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:2462	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1549798	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3649-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2018/dsa-4213	Third Party Advisory

Impacted products

Vendor	Product	Version
qemu	qemu	*
debian	debian_linux	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
canonical	ubuntu_linux	18.04
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_server_eus	7.6
redhat	enterprise_linux_server_eus	7.7
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BADDD0F-A2EA-42DC-9EBC-7E35D48DD63C",
              "versionEndIncluding": "2.11.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n load_multiboot en hw/i386/multiboot.c en Quick Emulator (tambi\u00e9n conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten c\u00f3digo arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de l\u00edmites."
    }
  ],
  "id": "CVE-2018-7550",
  "lastModified": "2024-11-21T04:12:20.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-01T17:29:00.523",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103181"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2462"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3649-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3649-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4213"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6Q85-H749-54PF

Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-01T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.",
  "id": "GHSA-6q85-h749-54pf",
  "modified": "2022-05-13T01:14:40Z",
  "published": "2022-05-13T01:14:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:1369"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2462"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3649-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103181"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-7550

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7550

Aliases

CVE-2018-7550

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7550",
    "description": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.",
    "id": "GSD-2018-7550",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-7550.html",
      "https://www.debian.org/security/2018/dsa-4213",
      "https://access.redhat.com/errata/RHSA-2018:2462",
      "https://access.redhat.com/errata/RHSA-2018:1646",
      "https://access.redhat.com/errata/RHSA-2018:1645",
      "https://access.redhat.com/errata/RHSA-2018:1644",
      "https://access.redhat.com/errata/RHSA-2018:1643",
      "https://access.redhat.com/errata/RHSA-2018:1369",
      "https://ubuntu.com/security/CVE-2018-7550",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-7550.html",
      "https://linux.oracle.com/cve/CVE-2018-7550.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7550"
      ],
      "details": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.",
      "id": "GSD-2018-7550",
      "modified": "2023-12-13T01:22:32.397727Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-7550",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2018:1369",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:1369"
          },
          {
            "name": "[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field",
            "refsource": "MLIST",
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
          },
          {
            "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
          },
          {
            "name": "USN-3649-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3649-1/"
          },
          {
            "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
          },
          {
            "name": "DSA-4213",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
          },
          {
            "name": "103181",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103181"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
          },
          {
            "name": "RHSA-2018:2462",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:2462"
          },
          {
            "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53",
            "refsource": "MISC",
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1BADDD0F-A2EA-42DC-9EBC-7E35D48DD63C",
                    "versionEndIncluding": "2.11.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                    "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access."
          },
          {
            "lang": "es",
            "value": "La funci\u00f3n load_multiboot en hw/i386/multiboot.c en Quick Emulator (tambi\u00e9n conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten c\u00f3digo arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de l\u00edmites."
          }
        ],
        "id": "CVE-2018-7550",
        "lastModified": "2024-01-30T22:15:52.420",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.0,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2018-03-01T17:29:00.523",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/103181"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1369"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2462"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://usn.ubuntu.com/3649-1/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4213"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-125"
              },
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

RHSA-2018:1369

Vulnerability from csaf_redhat - Published: 2018-05-10 16:05 - Updated: 2025-11-21 18:04

Summary

Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update

Severity

Moderate

Notes

Topic: An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550) * QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550 and Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858. Bug Fix(es): * In certain Red Hat Virtualization (RHV) guest configurations, virtual pass-through devices could not be removed properly. A reference count leak in the QEMU emulator has been removed, and the affected devices are now removed reliably. (BZ#1555213) * Previously, a raw disk image that was using the "--preallocation=full" option in some cases could not be resized. This problem has been fixed and no longer occurs. (BZ#1566587) * Due to race conditions in the virtio-blk and virtio-scsi services, the QEMU emulator sometimes terminated unexpectedly when shutting down. The race conditions have been removed, and QEMU now exits gracefully. (BZ#1566586) * Prior to this update, deleting guest snapshots using the RHV GUI in some cases failed due to an incorrect image-seeking algorithm. This update fixes the underlying code, and guest snapshots in RHV can now be deleted successfully. (BZ#1566369)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2018-7550

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-7858

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

5.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

17 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:1369	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1549798	external
https://bugzilla.redhat.com/show_bug.cgi?id=1553402	external
https://bugzilla.redhat.com/show_bug.cgi?id=1555213	external
https://bugzilla.redhat.com/show_bug.cgi?id=1566369	external
https://bugzilla.redhat.com/show_bug.cgi?id=1566586	external
https://bugzilla.redhat.com/show_bug.cgi?id=1566587	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-7550	self
https://bugzilla.redhat.com/show_bug.cgi?id=1549798	external
https://www.cve.org/CVERecord?id=CVE-2018-7550	external
https://nvd.nist.gov/vuln/detail/CVE-2018-7550	external
https://access.redhat.com/security/cve/CVE-2018-7858	self
https://bugzilla.redhat.com/show_bug.cgi?id=1553402	external
https://www.cve.org/CVERecord?id=CVE-2018-7858	external
https://nvd.nist.gov/vuln/detail/CVE-2018-7858	external

Acknowledgments

Orange.com CERT-CC Cyrille Chatras

Citrix.com Ross Lagerwall

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550)\n\n* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550 and Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858.\n\nBug Fix(es):\n\n* In certain Red Hat Virtualization (RHV) guest configurations, virtual pass-through devices could not be removed properly. A reference count leak in the QEMU emulator has been removed, and the affected devices are now removed reliably. (BZ#1555213)\n\n* Previously, a raw disk image that was using the \"--preallocation=full\" option in some cases could not be resized. This problem has been fixed and no longer occurs. (BZ#1566587)\n\n* Due to race conditions in the virtio-blk and virtio-scsi services, the QEMU emulator sometimes terminated unexpectedly when shutting down. The race conditions have been removed, and QEMU now exits gracefully. (BZ#1566586)\n\n* Prior to this update, deleting guest snapshots using the RHV GUI in some cases failed due to an incorrect image-seeking algorithm. This update fixes the underlying code, and guest snapshots in RHV can now be deleted successfully. (BZ#1566369)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1369",
        "url": "https://access.redhat.com/errata/RHSA-2018:1369"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1549798",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
      },
      {
        "category": "external",
        "summary": "1553402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
      },
      {
        "category": "external",
        "summary": "1555213",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555213"
      },
      {
        "category": "external",
        "summary": "1566369",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566369"
      },
      {
        "category": "external",
        "summary": "1566586",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566586"
      },
      {
        "category": "external",
        "summary": "1566587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566587"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1369.json"
      }
    ],
    "title": "Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T18:04:40+00:00",
      "generator": {
        "date": "2025-11-21T18:04:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:1369",
      "initial_release_date": "2018-05-10T16:05:14+00:00",
      "revision_history": [
        {
          "date": "2018-05-10T16:05:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-05-10T16:05:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:04:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                "product": {
                  "name": "Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
                  "product_id": "7Server-RHEV-4-Agents-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7_5.2?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7_5.2?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7_5.2?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7_5.2?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.2?arch=x86_64\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7_5.2?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7_5.2?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7_5.2?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7_5.2?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.2?arch=ppc64le\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.2?arch=src\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64 as a component of Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts",
          "product_id": "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64",
        "relates_to_product_reference": "7Server-RHEV-4-Agents-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "CERT-CC",
            "Cyrille Chatras"
          ],
          "organization": "Orange.com"
        }
      ],
      "cve": "CVE-2018-7550",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2018-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1549798"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: i386: multiboot OOB access while loading kernel image",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "RHBZ#1549798",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550"
        }
      ],
      "release_date": "2018-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-10T16:05:14+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1369"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "QEMU: i386: multiboot OOB access while loading kernel image"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ross Lagerwall"
          ],
          "organization": "Citrix.com"
        }
      ],
      "cve": "CVE-2018-7858",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-02-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553402"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: cirrus: OOB access when updating VGA display",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
          "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-7858"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553402",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858"
        }
      ],
      "release_date": "2018-03-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-10T16:05:14+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1369"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-img-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.src",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.2.x86_64",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.ppc64le",
            "7Server-RHEV-4-Agents-7:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "QEMU: cirrus: OOB access when updating VGA display"
    }
  ]
}

RHSA-2018:1643

Vulnerability from csaf_redhat - Published: 2018-05-22 01:41 - Updated: 2025-11-21 18:04

Summary

Red Hat Security Advisory: qemu-kvm-rhev security update

Severity

Important

Notes

Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

CVE-2018-3639

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.

5.6 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-7550

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-7858

5.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

22 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:1643	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilities/ssbd	external
https://bugzilla.redhat.com/show_bug.cgi?id=1566890	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-3639	self
https://bugzilla.redhat.com/show_bug.cgi?id=1566890	external
https://www.cve.org/CVERecord?id=CVE-2018-3639	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3639	external
https://access.redhat.com/security/vulnerabilities/ssbd	external
https://bugs.chromium.org/p/project-zero/issues/d…	external
https://software.intel.com/sites/default/files/ma…	external
https://software.intel.com/sites/default/files/ma…	external
https://www.intel.com/content/www/us/en/security-…	external
https://access.redhat.com/security/cve/CVE-2018-7550	self
https://bugzilla.redhat.com/show_bug.cgi?id=1549798	external
https://www.cve.org/CVERecord?id=CVE-2018-7550	external
https://nvd.nist.gov/vuln/detail/CVE-2018-7550	external
https://access.redhat.com/security/cve/CVE-2018-7858	self
https://bugzilla.redhat.com/show_bug.cgi?id=1553402	external
https://www.cve.org/CVERecord?id=CVE-2018-7858	external
https://nvd.nist.gov/vuln/detail/CVE-2018-7858	external

Acknowledgments

Google Project Zero Jann Horn

Microsoft Security Response Center Ken Johnson

Orange.com CERT-CC Cyrille Chatras

Citrix.com Ross Lagerwall

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 12.0 (Pike).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1643",
        "url": "https://access.redhat.com/errata/RHSA-2018:1643"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
        "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
      },
      {
        "category": "external",
        "summary": "1566890",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1643.json"
      }
    ],
    "title": "Red Hat Security Advisory: qemu-kvm-rhev security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:04:53+00:00",
      "generator": {
        "date": "2025-11-21T18:04:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:1643",
      "initial_release_date": "2018-05-22T01:41:08+00:00",
      "revision_history": [
        {
          "date": "2018-05-22T01:41:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-05-22T01:41:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:04:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 12.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 12.0",
                  "product_id": "7Server-RH7-RHOS-12.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:12::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7_5.3?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7_5.3?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7_5.3?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7_5.3?arch=ppc64le\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.3?arch=ppc64le\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.3?arch=src\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 12.0",
          "product_id": "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-12.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Jann Horn"
          ],
          "organization": "Google Project Zero"
        },
        {
          "names": [
            "Ken Johnson"
          ],
          "organization": "Microsoft Security Response Center"
        }
      ],
      "cve": "CVE-2018-3639",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-03-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1566890"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: cpu: speculative store bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "RHBZ#1566890",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
          "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        }
      ],
      "release_date": "2018-05-21T21:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-22T01:41:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1643"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: cpu: speculative store bypass"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "CERT-CC",
            "Cyrille Chatras"
          ],
          "organization": "Orange.com"
        }
      ],
      "cve": "CVE-2018-7550",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2018-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1549798"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: i386: multiboot OOB access while loading kernel image",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "RHBZ#1549798",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550"
        }
      ],
      "release_date": "2018-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-22T01:41:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1643"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "QEMU: i386: multiboot OOB access while loading kernel image"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ross Lagerwall"
          ],
          "organization": "Citrix.com"
        }
      ],
      "cve": "CVE-2018-7858",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-02-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553402"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: cirrus: OOB access when updating VGA display",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
          "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-7858"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553402",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858"
        }
      ],
      "release_date": "2018-03-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-22T01:41:08+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1643"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.ppc64le",
            "7Server-RH7-RHOS-12.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "QEMU: cirrus: OOB access when updating VGA display"
    }
  ]
}

RHSA-2018:1644

Vulnerability from csaf_redhat - Published: 2018-05-22 01:47 - Updated: 2025-11-21 18:04

Summary

Red Hat Security Advisory: qemu-kvm-rhev security update

Severity

Important

Notes

Topic: An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639) Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

CVE-2018-3639

5.6 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2018-7550

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2018-7858

5.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-125 - Out-of-bounds Read

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64	—	Vendor Fix fix

Threats

Impact Moderate

References

22 references

URL	Category
https://access.redhat.com/errata/RHSA-2018:1644	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilities/ssbd	external
https://bugzilla.redhat.com/show_bug.cgi?id=1566890	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-3639	self
https://bugzilla.redhat.com/show_bug.cgi?id=1566890	external
https://www.cve.org/CVERecord?id=CVE-2018-3639	external
https://nvd.nist.gov/vuln/detail/CVE-2018-3639	external
https://access.redhat.com/security/vulnerabilities/ssbd	external
https://bugs.chromium.org/p/project-zero/issues/d…	external
https://software.intel.com/sites/default/files/ma…	external
https://software.intel.com/sites/default/files/ma…	external
https://www.intel.com/content/www/us/en/security-…	external
https://access.redhat.com/security/cve/CVE-2018-7550	self
https://bugzilla.redhat.com/show_bug.cgi?id=1549798	external
https://www.cve.org/CVERecord?id=CVE-2018-7550	external
https://nvd.nist.gov/vuln/detail/CVE-2018-7550	external
https://access.redhat.com/security/cve/CVE-2018-7858	self
https://bugzilla.redhat.com/show_bug.cgi?id=1553402	external
https://www.cve.org/CVERecord?id=CVE-2018-7858	external
https://nvd.nist.gov/vuln/detail/CVE-2018-7858	external

Acknowledgments

Google Project Zero Jann Horn

Microsoft Security Response Center Ken Johnson

Orange.com CERT-CC Cyrille Chatras

Citrix.com Ross Lagerwall

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10.0 (Newton).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nNote: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:1644",
        "url": "https://access.redhat.com/errata/RHSA-2018:1644"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
        "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
      },
      {
        "category": "external",
        "summary": "1566890",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1644.json"
      }
    ],
    "title": "Red Hat Security Advisory: qemu-kvm-rhev security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:04:53+00:00",
      "generator": {
        "date": "2025-11-21T18:04:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:1644",
      "initial_release_date": "2018-05-22T01:47:24+00:00",
      "revision_history": [
        {
          "date": "2018-05-22T01:47:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-05-22T01:47:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:04:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 10.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 10.0",
                  "product_id": "7Server-RH7-RHOS-10.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:10::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-img-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-common-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-tools-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev-debuginfo@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.3?arch=x86_64\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
                "product": {
                  "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
                  "product_id": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/qemu-kvm-rhev@2.10.0-21.el7_5.3?arch=src\u0026epoch=10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64 as a component of Red Hat OpenStack Platform 10.0",
          "product_id": "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        },
        "product_reference": "qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOS-10.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Jann Horn"
          ],
          "organization": "Google Project Zero"
        },
        {
          "names": [
            "Ken Johnson"
          ],
          "organization": "Microsoft Security Response Center"
        }
      ],
      "cve": "CVE-2018-3639",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2018-03-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1566890"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hw: cpu: speculative store bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "RHBZ#1566890",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
          "url": "https://access.redhat.com/security/vulnerabilities/ssbd"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf"
        },
        {
          "category": "external",
          "summary": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf",
          "url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf"
        },
        {
          "category": "external",
          "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        }
      ],
      "release_date": "2018-05-21T21:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-22T01:47:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1644"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hw: cpu: speculative store bypass"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "CERT-CC",
            "Cyrille Chatras"
          ],
          "organization": "Orange.com"
        }
      ],
      "cve": "CVE-2018-7550",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2018-02-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1549798"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: i386: multiboot OOB access while loading kernel image",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "RHBZ#1549798",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7550"
        }
      ],
      "release_date": "2018-02-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-22T01:47:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1644"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "QEMU: i386: multiboot OOB access while loading kernel image"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Ross Lagerwall"
          ],
          "organization": "Citrix.com"
        }
      ],
      "cve": "CVE-2018-7858",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-02-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1553402"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "QEMU: cirrus: OOB access when updating VGA display",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
          "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-7858"
        },
        {
          "category": "external",
          "summary": "RHBZ#1553402",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7858",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7858"
        }
      ],
      "release_date": "2018-03-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-05-22T01:47:24+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.",
          "product_ids": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:1644"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RH7-RHOS-10.0:qemu-img-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-common-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.src",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-rhev-debuginfo-10:2.10.0-21.el7_5.3.x86_64",
            "7Server-RH7-RHOS-10.0:qemu-kvm-tools-rhev-10:2.10.0-21.el7_5.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "QEMU: cirrus: OOB access when updating VGA display"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7550 (GCVE-0-2018-7550)

Solution

Solution

Tags

Sightings

Nomenclature