#VU16560 Memory leak in QEMU - CVE-2018-20123

 


Published: December 17, 2018


Vulnerability identifier: #VU16560
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-20123
CWE-ID: CWE-401
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
QEMU
Software vendor:
QEMU

Description

The vulnerability allows an adjacent attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists due to a memory leak in the way QEMU initialises its VMware paravirtual RDMA device. An adjacent attacker can cause the pvrdma_realize() routine not to release memory resources allocated to various objects, leaking host memory and resulting in DoS for the host.


Remediation

Install the update from the vendor's website.

External links