Main Vulnerability Database Vulnerabilities #VU16560

Memory leak in QEMU - CVE-2018-20123

Published: December 17, 2018

Vulnerability identifier: #VU16560

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-20123

CWE-ID: CWE-401

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: QEMU

Affected software:
QEMU

Detailed vulnerability description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to memory leakage issue in the way QEMU initialised its VMWare's paravirtual RDMA device. An adjacent attacker can cause pvrdma_realize() routine not to release memory resources allocated to various objects and leak host memory, resulting in DoS for host.

How to mitigate CVE-2018-20123

Install update from vendor's website.

Sources

https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html

Memory leak in QEMU - CVE-2018-20123

Detailed vulnerability description

How to mitigate CVE-2018-20123

Sources

Please verify you're human