CVE-2018-19364 — Use After Free in Qemu

CWE-416 — Use After Free CWE-362 — Race Condition9 documents7 sources

Severity

5.5MEDIUMNVD

OSV6.5

EPSS

0.1%

top 77.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Canonical Ubuntu Linux +3 more

Timeline

PublishedDec 13

Latest updateMay 13

Description

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/qemu< qemu 1:3.1+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:3.1+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.44+2

▶NVDqemu/qemu3.0.0+1

▶NVDopensuse/leap42.3

Also affects: Debian Linux 8.0, 9.0, Fedora 29, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: www.openwall.com ↗Patch: lists.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-6p82-v9w6-85gx: hw/9pfs/cofile↗2022-05-13

▶

OSV

CVE-2018-19364: hw/9pfs/cofile↗2018-12-13

▶

OSV

qemu vulnerabilities↗2018-11-26

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2018-11-26

▶

Red Hat

Qemu: 9pfs: Use-after-free due to race condition while updating fid path↗2018-11-07

▶

Debian

CVE-2018-19364: qemu - hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is bei...↗2018

▶

💬Community

Bugzilla

CVE-2018-19364 qemu: 9pfs: Use-after-free due to race condition while updating fid path [fedora-all]↗2018-11-19

▶

Bugzilla

CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path↗2018-10-25

▶