CVE-2018-7550: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a…

high8.8CVSS 3.1

AVLACLPRLUINSCCHIHAH

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	qemu	< qemu 1:2.12~rc3+dfsg-1 (bookworm)	qemu 1:2.12~rc3+dfsg-1 (bookworm)
qemu	qemu	<= 2.11.1	—
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 1:2.12~rc3+dfsg-1	1:2.12~rc3+dfsg-1
qemu	qemu	>= 0 < 2.0.0+dfsg-2ubuntu1.41	2.0.0+dfsg-2ubuntu1.41
qemu	qemu	>= 0 < 1:2.5+dfsg-5ubuntu10.28	1:2.5+dfsg-5ubuntu10.28
qemu	qemu	>= 0 < 1:2.11+dfsg-1ubuntu7.1	1:2.11+dfsg-1ubuntu7.1
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

osv10.0CRITICAL