Main Vulnerability Database Vulnerabilities #VU16553

#VU16553 Improper input validation in QEMU - CVE-2018-15746

Published: December 16, 2018 / Updated: December 17, 2018

Vulnerability identifier: #VU16553

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-15746

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
QEMU

Software vendor:
QEMU

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in qemu-seccomp.c due to an error when processing malicious input. An adjacent attacker can leverage mishandling of the seccomp policy for threads other than the main thread and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html

#VU16553 Improper input validation in QEMU - CVE-2018-15746

Description

Remediation

External links

Please verify you're human