Published: 29/08/2018 Updated: 10/09/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. (CVE-2018-15746) A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process. (CVE-2019-14378) An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. (CVE-2020-14364) A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an malicious user to crash the QEMU process on the host, resulting in a denial of service. (CVE-2020-1983)

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu

Synopsis Low: qemu-kvm security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update for qemu-kvm is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Important: qemu-kvm-rhev security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 100 (Newton), Red Hat OpenStack Platform 130 (Queens), and Red Hat OpenStack Platform 140 (Rocky)Red Hat Product Secu ...

qemu-seccompc in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (CVE-2018-15746) A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator This flaw occurs in the ip_reass() routine whi ...

qemu-seccompc in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread ...

Debian Bug report logs - #911470 qemu: CVE-2018-18438: Integer overflow in ccid_card_vscard_read() allows memory corruption Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:51:02 UTC ...

Debian Bug report logs - #915884 qemu: CVE-2018-16867: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 7 Dec 2018 ...

Debian Bug report logs - #902725 CVE-2018-12617 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 29 Jun 2018 21:09:06 UTC Severity: important Tags: security Found in version qemu/1:212+dfsg-3 Fixed in ...

Debian Bug report logs - #911499 qemu: CVE-2018-17958: rtl8139: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 21:15:01 UTC Severity: import ...

Debian Bug report logs - #914604 qemu: CVE-2018-18954: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Nov 2018 15:48:01 UTC Severity: i ...

Debian Bug report logs - #911468 qemu: CVE-2018-17962: pcnet: integer overflow leads to buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:45:03 UTC Severity: grave Tag ...

Debian Bug report logs - #914727 qemu: CVE-2018-19489: 9pfs: crash due to race condition in renaming files Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 26 Nov 2018 18:21:01 UTC Severity: import ...

Debian Bug report logs - #901017 qemu: CVE-2018-11806: slirp: heap buffer overflow while reassembling fragmented datagrams Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 8 Jun 2018 03:42:01 UTC ...

Debian Bug report logs - #910431 qemu: CVE-2018-10839: integer overflow leads to buffer overflow issue Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 6 Oct 2018 07:42:02 UTC Severity: grave Tags ...

Debian Bug report logs - #907500 qemu: CVE-2018-15746: seccomp: blacklist is not applied to all threads Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 Aug 2018 19:57:04 UTC Severity: important ...

Debian Bug report logs - #912535 qemu: CVE-2018-18849 Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 Nov 2018 07:18:02 UTC Severity: important Tags: patch, security, upstream Found in version ...

Debian Bug report logs - #911469 qemu: CVE-2018-17963: net: ignore packets with large size Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 20 Oct 2018 14:45:07 UTC Severity: grave Tags: security, ...

Debian Bug report logs - #914599 qemu: CVE-2018-19364: Use-after-free due to race condition while updating fid path Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Nov 2018 15:09:01 UTC Severit ...

NVD-CWE-noinfo https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html http://www.openwall.com/lists/oss-security/2018/08/28/6 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2020:3906 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2020-1449.html

Get Started

CVE-2018-15746

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect