CVE-2018-7858 — Out-of-bounds Read in Qemu
Severity
5.5 MEDIUM (NVD)
OSV: 10.0
EPSS
0.1%
top 82.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 12
Latest update: May 13
Description
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 7 packages
Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10, Enterprise Linux 7.6, 7.5
Patches
Vulnerability Details
GHSA
GHSA-f62g-jrwm-hq59: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of serv (2022-05-13)
OSV
CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of serv (2018-03-12)
CVEList
CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of serv (2018-03-12)