4.7

CVE-2018-19489

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 3.0.0
QemuQemu Version3.1.0 Updaterc0
QemuQemu Version3.1.0 Updaterc1
QemuQemu Version3.1.0 Updaterc2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
FedoraprojectFedora Version29
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
OpensuseLeap Version42.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.32
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:N/I:N/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/May/76
Third Party Advisory
Mailing List
https://www.debian.org/security/2019/dsa-4454
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
https://usn.ubuntu.com/3923-1/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/11/26/1
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/106007
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/153326
Third Party Advisory
VDB Entry
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d20398694a3b67a388d955b7a945ba4aa90a8a8
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
Patch
Vendor Advisory
Mailing List
https://security-tracker.debian.org/tracker/CVE-2018-19489
Third Party Advisory