Out-of-bounds read in QEMU - CVE-2018-7858
Published: March 16, 2018
Vulnerability identifier: #VU11134
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7858
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to improper VGA display updates. An adjacent attacker can use incorrect region calculations during VGA display updates, trigger out-of-bounds read and cause the service to crash.
The weakness exists due to improper VGA display updates. An adjacent attacker can use incorrect region calculations during VGA display updates, trigger out-of-bounds read and cause the service to crash.
How to mitigate CVE-2018-7858
Install update from vendor's website.