CVE-2018-7858
published 2018-03-12CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | qemu | < qemu 1:2.12~rc3+dfsg-1 (bookworm) | qemu 1:2.12~rc3+dfsg-1 (bookworm) |
| opensuse | leap | — | — |
| qemu | qemu | <= 2.11.2 | — |
| qemu | qemu | >= 0 < 1:2.12~rc3+dfsg-1 | 1:2.12~rc3+dfsg-1 |
| qemu | qemu | >= 0 < 1:2.12~rc3+dfsg-1 | 1:2.12~rc3+dfsg-1 |
| qemu | qemu | >= 0 < 1:2.12~rc3+dfsg-1 | 1:2.12~rc3+dfsg-1 |
| qemu | qemu | >= 0 < 1:2.12~rc3+dfsg-1 | 1:2.12~rc3+dfsg-1 |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.41 | 2.0.0+dfsg-2ubuntu1.41 |
| qemu | qemu | >= 0 < 1:2.5+dfsg-5ubuntu10.28 | 1:2.5+dfsg-5ubuntu10.28 |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.1 | 1:2.11+dfsg-1ubuntu7.1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv10.0CRITICAL