PT-2018-2473 · Qemu+5 · Qemu+5

Jiang Xin

Published

2018-01-23

Updated

2020-10-15

CVE-2018-5683

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to the vga draw text function in QEMU, which is associated with incorrect input validation. This can lead to a denial of service, causing an out-of-bounds read and a crash of the QEMU process. Local OS guest privileged users can exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-1226

ALT-PU-2018-1657

BDU:2019-00716

CESA-2018_0816

CESA-2018_2162

CVE-2018-5683

DLA-1497-1

DSA-4213-1

OPENSUSE-SU-2018_0459-1

OPENSUSE-SU-2018_0780-1

RHSA-2018:0816

RHSA-2018:1104

RHSA-2018:1113

RHSA-2018:2162

RHSA-2018_0816

RHSA-2018_2162

SUSE-SU-2018:0438-1

SUSE-SU-2018:0472-1

SUSE-SU-2018:0601-1

SUSE-SU-2018:0609-1

SUSE-SU-2018:0638-1

SUSE-SU-2018:0678-1

SUSE-SU-2018:0762-1

SUSE-SU-2018:0831-1

SUSE-SU-2018:1077-1

SUSE-SU-2018:1308-1

USN-3575-1

USN-3575-2

Affected Products

Alt Linux

Centos

Qemu

Red Hat

Suse

Ubuntu

PT-2018-2473 · Qemu+5 · Qemu+5

CVE-2018-5683

Weakness Enumeration

Related Identifiers

Affected Products

References · 273