8.8

CVE-2018-7550

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.11.1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version17.10
CanonicalUbuntu Linux Version18.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.451
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2018/dsa-4213
Third Party Advisory
https://usn.ubuntu.com/3649-1/
Third Party Advisory
http://www.securityfocus.com/bid/103181
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:1369
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2462
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1549798
Vendor Advisory
Issue Tracking
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
Third Party Advisory
Mailing List
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
Patch
Mailing List