CVE-2018-20815 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Qemu

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

9.8CRITICALNVD

OSV5.6

EPSS

3.9%

top 11.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedMay 31

Latest updateMay 24

Description

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:3.1+dfsg-7 (bookworm)

▶Debianqemu/qemu< 1:3.1+dfsg-7+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.46+2

▶NVDqemu/qemu3.1.0

🔴Vulnerability Details

GHSA

GHSA-4g35-fx39-gwjh: In QEMU 3↗2022-05-24

▶

OSV

CVE-2018-20815: In QEMU 3↗2019-05-31

▶

OSV

qemu update↗2019-05-14

▶

📋Vendor Advisories

Ubuntu

QEMU update↗2019-05-14

▶

Red Hat

QEMU: device_tree: heap buffer overflow while loading device tree blob↗2018-12-14

▶

Debian

CVE-2018-20815: qemu - In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image...↗2018

▶

💬Community

Bugzilla

CVE-2018-20815 qemu: device_tree: heap buffer overflow while loading device tree blob [fedora-all]↗2019-03-27

▶

Bugzilla

CVE-2018-20815 QEMU: device_tree: heap buffer overflow while loading device tree blob↗2019-03-27

▶

Bugzilla

CVE-2018-20815 xen: QEMU: device_tree: heap buffer overflow while loading device tree blob [fedora-all]↗2019-03-27

▶