CVE-2018-7550: Out-of-bounds Read in Qemu

Severity
NVD: 8.8 HIGH
OSV: 10.0
EPSS: 0.1% (top 75.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 1
Latest update: May 13

Description

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (6 packages)

Debian: qemu/qemu < 1:2.12~rc3+dfsg-1 +3
Ubuntu: qemu/qemu < 2.0.0+dfsg-2ubuntu1.41 +2
NVD: qemu/qemu 2.11.1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.6, 7.7, 7.5

Patches

🔴 Vulnerability Details (4)

GHSA (2022-05-13): GHSA-6q85-h749-54pf: The load_multiboot function in hw/i386/multiboot
OSV (2018-05-16): qemu vulnerabilities
CVEList (2018-03-01): CVE-2018-7550: The load_multiboot function in hw/i386/multiboot
OSV (2018-03-01): CVE-2018-7550: The load_multiboot function in hw/i386/multiboot

📋 Vendor Advisories (3)

Ubuntu (2018-05-16): QEMU vulnerabilities
Red Hat (2018-02-27): QEMU: i386: multiboot OOB access while loading kernel image
Debian (2018): CVE-2018-7550: qemu - The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) ...

💬 Community (3)

Bugzilla (2018-02-27): CVE-2018-7550 Qemu: i386: multiboot OOB access while loading kernel image [fedora-all]
Bugzilla (2018-02-27): CVE-2018-7550 Qemu: i386: multiboot OOB access while loading kernel image [fedora-all]
Bugzilla (2018-02-27): CVE-2018-7550 QEMU: i386: multiboot OOB access while loading kernel image