Fedora 29 update for qemu
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2018-15746 CVE-2018-10839 CVE-2018-17958 CVE-2018-17962 CVE-2018-17963 CVE-2018-18849 CVE-2018-18954 CVE-2018-16847 |
| CWE-ID | CWE-20 CWE-190 CWE-120 CWE-125 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system qemu Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU16553
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15746
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists in qemu-seccomp.c due to an error when processing malicious input. An adjacent attacker can leverage mishandling of the seccomp policy for threads other than the main thread and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU15995
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-10839
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer overflow when built with the NE2000 NIC emulation support. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU16554
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17958
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to a boundary error in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. An adjacent attacker can trigger integer overflow and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU15996
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17962
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to buffer overflow in pcnet_receive in hw/net/pcnet.c when an incorrect integer data type is used. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU15997
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17963
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to buffer overflow when qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX. A remote attacker can supply specially crafted packets over the network, trigger memory corruption and crash the Qemu process.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU16555
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18849
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to message length value in 'msg_len' could be invalid due to an invalid migration stream while writing a message in 'lsi_do_msgin'. An adjacent attacker can trigger out-of-bounds read and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU18497
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18954
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the pnv_lpc_do_eccb() function in hw/ppc/pnv_lpc.c. A local user can create a specially crafted application and gain read and write access to PowerNV memory.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap out-of-bounds read
EUVDB-ID: #VU16556
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-16847
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists in nvme_cmb_ops routines in nvme device due to OOB heap buffer read access issue in the NVM Express Controller emulation'. An adjacent attacker can crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 29
qemu: before 3.0.0-2.fc29
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
