A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process.
Find out more about CVE-2018-11806 from the MITRE CVE dictionary dictionary and NIST NVD.
| CVSS3 Base Score | 5.1 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L |
| Attack Vector | Adjacent Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenStack Platform 13.0 (Queens) (qemu-kvm-rhev) | RHSA-2018:2822 | 2018-09-27 |
| Red Hat Enterprise Linux 7 (qemu-kvm-ma) | RHSA-2018:2762 | 2018-09-25 |
| Red Hat Enterprise Linux 7 (qemu-kvm) | RHSA-2018:2462 | 2018-08-16 |
| Red Hat OpenStack Platform 12.0 (qemu-kvm-rhev) | RHSA-2018:2822 | 2018-09-27 |
| Red Hat OpenStack Platform 8.0 (Liberty) (qemu-kvm-rhev) | RHSA-2018:2822 | 2018-09-27 |
| Red Hat OpenStack Platform 9.0 (qemu-kvm-rhev) | RHSA-2018:2822 | 2018-09-27 |
| Red Hat OpenStack Platform 10 (qemu-kvm-rhev) | RHSA-2018:2822 | 2018-09-27 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (qemu-kvm-rhev) | RHSA-2018:2887 | 2018-10-09 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | qemu-kvm-rhev | Will not fix |
| Red Hat Enterprise Linux 6 | qemu-kvm | Affected |
| Red Hat Enterprise Linux 5 | xen | Not affected |
| Red Hat Enterprise Linux 5 | kvm | Will not fix |
Vulmon