Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2018-20815

Published: 31/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Qemu

Vulnerability Summary

A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. (CVE-2018-20815) hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the malicious user to cause a denial of service via a device driver. (CVE-2019-5008) Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824) qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu 3.1.0

Vendor Advisories

Debian Security Advisories: DSA-4506-1 qemu -- security update
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs In addition this update fixes a regression which could cause NBD connections to hang For the oldstable distribution (stretch), these problems have been fixed in version 1:28+dfsg- ...
Ubuntu Security Notice: qemu update
Several issues were addressed in QEMU ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: qemu-kvm-rhev security update
Synopsis Important: qemu-kvm-rhev security update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: qemu-kvm-ma security and bug fix update
Synopsis Important: qemu-kvm-ma security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Red Hat: Important: qemu-kvm-rhev security and bug fix update
Synopsis Important: qemu-kvm-rhev security and bug fix update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7Red Hat Product Security has rated this update as having a Important security impact A Com ...
Red Hat: Important: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Important: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 and Red Hat Virtualization Engine 43Red Hat Product Security has rated this ...
Red Hat: Important: virt:rhel security update
Synopsis Important: virt:rhel security update Type/Severity Security Advisory: Important Topic An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...
Amazon Linux 2: ALAS2-2019-1248
A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type A user/process could use this flaw to potentially execute arbitrary code on a host system with p ...

References

CWE-119https://access.redhat.com/errata/RHSA-2019:1667https://access.redhat.com/errata/RHSA-2019:1723https://access.redhat.com/errata/RHSA-2019:1743https://access.redhat.com/errata/RHSA-2019:1881https://access.redhat.com/errata/RHSA-2019:1968https://access.redhat.com/errata/RHSA-2019:2507https://access.redhat.com/errata/RHSA-2019:2553https://seclists.org/bugtraq/2019/Aug/41https://www.debian.org/security/2019/dsa-4506https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/https://nvd.nist.govhttps://www.debian.org/security/2019/dsa-4506https://usn.ubuntu.com/3978-1/https://alas.aws.amazon.com/AL2/ALAS-2019-1248.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook