Main Vulnerability Database Vulnerabilities #VU16553

Improper input validation in QEMU - CVE-2018-15746

Published: December 16, 2018 / Updated: December 17, 2018

Vulnerability identifier: #VU16553

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-15746

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: QEMU

Affected software:
QEMU

Detailed vulnerability description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in qemu-seccomp.c due to an error when processing malicious input. An adjacent attacker can leverage mishandling of the seccomp policy for threads other than the main thread and cause the service to crash.

How to mitigate CVE-2018-15746

Install update from vendor's website.

Sources

https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html

Improper input validation in QEMU - CVE-2018-15746

Detailed vulnerability description

How to mitigate CVE-2018-15746

Sources

Please verify you're human