CVE-2018-20191

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

Ссылки

http://www.openwall.com/lists/oss-security/2018/12/18/1
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/106276
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
Patch
Third Party Advisory
https://usn.ubuntu.com/3923-1/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2018/12/18/1
Mailing List
Patch
Third Party Advisory
http://www.securityfocus.com/bid/106276
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
Patch
Third Party Advisory
https://usn.ubuntu.com/3923-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Версия до 3.1.0 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01625

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2018-20191

CVSS3: 7.5

ubuntu

больше 6 лет назад

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

CVE-2018-20191

CVSS3: 3.8

redhat

больше 6 лет назад

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

CVE-2018-20191

CVSS3: 7.5

debian

больше 6 лет назад

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...

GHSA-h5wg-wcrq-7mp8

CVSS3: 7.5

github

около 3 лет назад

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

BDU:2020-03203

CVSS3: 7.5

fstec

больше 6 лет назад

Уязвимость функций uar_read и uar_write виртуального сетевого адаптера PVRDMA эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 81%

0.01625

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476