#VU11134 Out-of-bounds read in QEMU - CVE-2018-7858
Published: March 16, 2018
Vulnerability identifier: #VU11134
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7858
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
QEMU
QEMU
Software vendor:
QEMU
QEMU
Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists due to improper VGA display updates. An adjacent attacker can use incorrect region calculations during VGA display updates, trigger out-of-bounds read and cause the service to crash.
The weakness exists due to improper VGA display updates. An adjacent attacker can use incorrect region calculations during VGA display updates, trigger out-of-bounds read and cause the service to crash.
Remediation
Install update from vendor's website.