Twenty Year Anniversary
Showing 1 - 4 of 4 RSS Feed

CVE-2018-7550

Status Candidate

Overview

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

Related Files

Red Hat Security Advisory 2018-2462-01
Posted Aug 16, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2462-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2018-11806, CVE-2018-7550
MD5 | e3685b7f1569a8e50b569e70cb3f0c66
Ubuntu Security Notice USN-3649-1
Posted May 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3649-1 - Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-16845, CVE-2018-7550, CVE-2018-7858
MD5 | 328c7fe35bf9b4dcb186ccdd37961b7e
Red Hat Security Advisory 2018-1369-01
Posted May 10, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1369-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include out-of-bounds access.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-7550, CVE-2018-7858
MD5 | 436f58ce6c3130ea7f966c619aebe7f6
Gentoo Linux Security Advisory 201804-08
Posted Apr 9, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201804-8 - Multiple vulnerabilities have been found in QEMU, the worst of which may allow an attacker to execute arbitrary code. Versions less than 2.11.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-13672, CVE-2017-15124, CVE-2017-16845, CVE-2017-17381, CVE-2017-18030, CVE-2017-18043, CVE-2017-5715, CVE-2018-5683, CVE-2018-5748, CVE-2018-7550
MD5 | c969153354519977c6d88060ae101ad8
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close