CVE-2018-15746 — Incomplete List of Disallowed Inputs in Qemu

CWE-184 — Incomplete List of Disallowed Inputs7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedAug 29

Latest updateMay 13

Description

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/qemu< qemu 1:3.1+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:3.1+dfsg-1+3

▶NVDqemu/qemu3.0.1

Patches

Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-rp3q-x36m-62mp: qemu-seccomp↗2022-05-13

▶

OSV

CVE-2018-15746: qemu-seccomp↗2018-08-29

▶

📋Vendor Advisories

Red Hat

QEMU: seccomp: blacklist is not applied to all threads↗2018-08-13

▶

Debian

CVE-2018-15746: qemu - qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of ser...↗2018

▶

💬Community

Bugzilla

CVE-2018-15746 qemu: seccomp: blacklist is not applied to all threads [epel-7]↗2018-08-16

▶

Bugzilla

CVE-2018-15746 QEMU: seccomp: blacklist is not applied to all threads↗2018-08-13

▶