PT-2018-3377 · Qemu+3 · Qemu+3

Zhibin Hu

Publicado

2018-11-22

Atualizado

2020-05-12

CVE-2018-19489

CVSS v2.0

4.9

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified)

Description: The issue is related to the use of a shared resource with incorrect synchronization during file renaming in the QEMU hardware emulator, specifically in the v9fs wstat function. This can be exploited to cause a denial of service, resulting in a crash. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2018-2870

BDU:2020-00703

CVE-2018-19489

DLA-1646-1

DSA-4454-1

DSA-4454-2

OPENSUSE-SU-2019:0254-1

OPENSUSE-SU-2019_0254-1

OPENSUSE-SU-2019_1074-1

SUSE-SU-2019:0423-1

SUSE-SU-2019:0435-1

SUSE-SU-2019:0457-1

SUSE-SU-2019:0471-1

SUSE-SU-2019:0471-2

SUSE-SU-2019:0489-1

SUSE-SU-2019:0582-1

SUSE-SU-2019:13962-1

USN-3923-1

Produtos afetados

Alt Linux

Qemu

Suse

Ubuntu

PT-2018-3377 · Qemu+3 · Qemu+3

CVE-2018-19489

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 147