CVE-2018-5683 — Out-of-bounds Read in Qemu
Severity
NVD: 6.0 MEDIUM
OSV: 4.4
EPSS
0.0%
top 91.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 23
Latest update: May 13
Description
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.5 | Impact: 4.0
Affected Packages: 6 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.6, 7.7
Patches
Vulnerability Details (5)
GHSA
GHSA-4v68-h86g-72p3 (2022-05-13): The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by
OSV
CVE-2018-5683 (2018-01-23): The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by
CVEList
CVE-2018-5683 (2018-01-23): The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by
Vendor Advisories (4)
Community (3)
Bugzilla
CVE-2018-5683 qemu: Out-of-bounds read in vga_draw_text function in hw/display/vga.c [fedora-all] (2018-01-15)