CVE-2018-5683

Опубликовано: 25 дек. 2017

Источник: redhat

CVSS3: 3

CVSS2: 2.3

EPSS Низкий

Описание

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kvm	Will not fix
Red Hat Enterprise Linux 5	xen	Will not fix
Red Hat Enterprise Linux 7	qemu-guest-agent	Not affected
Red Hat Enterprise Linux 7	qemu-kvm	Affected
Red Hat Enterprise Linux 8	qemu-kvm	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux 6	qemu-kvm	Fixed	RHSA-2018:2162	10.07.2018
Red Hat Enterprise Linux 7	qemu-kvm	Fixed	RHSA-2018:0816	10.04.2018
Red Hat OpenStack Platform 10.0 (Newton)	qemu-kvm-rhev	Fixed	RHSA-2018:1113	11.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1530356Qemu: Out-of-bounds read in vga_draw_text routine

EPSS

Процентиль: 27%

0.00091

Низкий

3 Low

CVSS3

2.3 Low

CVSS2

Связанные уязвимости

CVE-2018-5683

CVSS3: 6

ubuntu

больше 7 лет назад

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CVE-2018-5683

CVSS3: 6

nvd

больше 7 лет назад

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

CVE-2018-5683

CVSS3: 6

debian

больше 7 лет назад

The vga_draw_text function in Qemu allows local OS guest privileged us ...

GHSA-4v68-h86g-72p3

CVSS3: 6

github

около 3 лет назад

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

BDU:2019-00716

CVSS3: 6

fstec

больше 7 лет назад

Уязвимость функции vga_draw_text эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%

0.00091

Низкий

3 Low

CVSS3

2.3 Low

CVSS2