Red Hat update for QEMU

Published: 2018-05-10 | Updated: 2018-05-14

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2018-7550 CVE-2018-7858
CWE-ID	CWE-119 CWE-125
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software Subscribe	Red Hat Virtualization for IBM Power LE Server applications / Virtualization software Red Hat Virtualization Server applications / Virtualization software
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU11163

Risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7550

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The weakness exists in the load_multiboot function due to out-of-bounds read or write. An adjacent attacker can load a kernel image during the boot process, which may cause the mh_load_end_addr address to be greater than the mh_bss_end_addr address, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Red Hat Virtualization for IBM Power LE: 4

Red Hat Virtualization: 4

External links

http://access.redhat.com/errata/RHSA-2018:1369

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU11134

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7858

CWE-ID: CWE-125 - Out-of-bounds read