
exploitDog


CVE-2018-7550

Published: 27 Feb 2018
Source: redhat
CVSS3: 7.8
CVSS2: 6.2
EPSS: Low

Description

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process could use this flaw to potentially achieve arbitrary code execution on a host.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kvm | Not affected | | |
| Red Hat Enterprise Linux 5 | xen | Not affected | | |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm-ma | Not affected | | |
| Red Hat Enterprise Linux 8 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | qemu-kvm-rhev | Will not fix | | |
| Red Hat OpenStack Platform 11 (Ocata) | qemu-kvm-rhev | Will not fix | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2018:2462 | 16.08.2018 |
| Red Hat OpenStack Platform 10.0 (Newton) | qemu-kvm-rhev | Fixed | RHSA-2018:1644 | 22.05.2018 |
| Red Hat OpenStack Platform 12.0 (Pike) | qemu-kvm-rhev | Fixed | RHSA-2018:1643 | 22.05.2018 |


Additional information

Status: Moderate
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1549798 QEMU: i386: multiboot OOB access while loading kernel image

EPSS

Percentile: 30%
0.00109
Low

7.8 High

CVSS3

6.2 Medium

CVSS2

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 7 years ago

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVSS3: 8.8
nvd
more than 7 years ago

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVSS3: 8.8
debian
more than 7 years ago

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ( ...

CVSS3: 8.8
github
about 3 years ago

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVSS3: 8.8
fstec
more than 7 years ago

A vulnerability in the load_multiboot function of the QEMU hardware emulator, related to writing beyond the bounds of a memory buffer, that allows an attacker to cause a denial of service or execute arbitrary code
