CVE-2018-5683: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by…

medium6CVSS 3.1

AVLACLPRHUINSCCNINAH

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	qemu	< qemu 1:2.12~rc3+dfsg-1 (bookworm)	qemu 1:2.12~rc3+dfsg-1 (bookworm)
qemu	qemu	<= 2.11.1	—
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.39	2.0.0+dfsg-2ubuntu1.39
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.40	2.0.0+dfsg-2ubuntu1.40
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.22	1:2.5+dfsg-5ubuntu10.22
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.24	1:2.5+dfsg-5ubuntu10.24
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.16.0MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

osv6.0MEDIUM