Vulnerability-Lookup

CVE-2018-5683 (GCVE-0-2018-5683)

Vulnerability from cvelistv5 – Published: 2018-01-23 18:00 – Updated: 2024-08-05 05:40

Summary

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:2162	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4213	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0816	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1104	vendor-advisoryx_refsource_REDHAT
https://lists.gnu.org/archive/html/qemu-devel/201…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/3575-1/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/102518	vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2018/01/15/2	mailing-listx_refsource_MLIST

Date Public

2018-01-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2162"
          },
          {
            "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
          },
          {
            "name": "DSA-4213",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "name": "RHSA-2018:0816",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0816"
          },
          {
            "name": "RHSA-2018:1104",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1104"
          },
          {
            "name": "[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html"
          },
          {
            "name": "USN-3575-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3575-1/"
          },
          {
            "name": "102518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102518"
          },
          {
            "name": "[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2018/01/15/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-07T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:2162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2162"
        },
        {
          "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
        },
        {
          "name": "DSA-4213",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4213"
        },
        {
          "name": "RHSA-2018:0816",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0816"
        },
        {
          "name": "RHSA-2018:1104",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1104"
        },
        {
          "name": "[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html"
        },
        {
          "name": "USN-3575-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3575-1/"
        },
        {
          "name": "102518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102518"
        },
        {
          "name": "[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2018/01/15/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-5683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2162",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2162"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "DSA-4213",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4213"
            },
            {
              "name": "RHSA-2018:0816",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0816"
            },
            {
              "name": "RHSA-2018:1104",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1104"
            },
            {
              "name": "[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text",
              "refsource": "MLIST",
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html"
            },
            {
              "name": "USN-3575-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3575-1/"
            },
            {
              "name": "102518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102518"
            },
            {
              "name": "[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2018/01/15/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-5683",
    "datePublished": "2018-01-23T18:00:00.000Z",
    "dateReserved": "2018-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-05T05:40:51.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-5683",
      "date": "2026-05-28",
      "epss": "0.00029",
      "percentile": "0.08684"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5683\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-23T18:29:00.580\",\"lastModified\":\"2024-11-21T04:09:09.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegaci\u00f3n de servicio (acceso de lectura fuera de l\u00edmites y cierre inesperado del proceso Qemu) aprovechando la validaci\u00f3n indebida de direcciones de memoria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.11.1\",\"matchCriteriaId\":\"1BADDD0F-A2EA-42DC-9EBC-7E35D48DD63C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21690BAC-2129-4A33-9B48-1F3BF30072A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2018/01/15/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102518\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0816\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1104\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2162\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3575-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4213\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2018/01/15/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102518\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3575-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2018:1308-1

Vulnerability from csaf_suse - Published: 2018-05-16 13:59 - Updated: 2018-05-16 13:59

Summary

Security update for kvm

Severity

Important

Notes

Title of the patch: Security update for kvm

Description of the patch: This update for kvm fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrates with corresponding changes in libvirt. A January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on patches from upstream. This update defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ (CVE-2017-5715 bsc#1068032) A patch is added to continue to detect Spectre v2 mitigation features (as shown by cpuid), and if found provide that feature to guests, even if running on older KVM (kernel) versions which do not yet expose that feature to QEMU. (bsc#1082276) Additional security fixes: - CVE-2018-5683: An out-of-bounds read in vga_draw_text routine was fixed which could lead to crashes or information leakage. (bsc#1076114) - CVE-2018-7550: multiboot OOB access while loading kernel image was fixed that could lead to crashes (bsc#1083291) - CVE-2017-18030: An out-of-bounds access in cirrus_invalidate_region routine could lead to crashes or information leakage (bsc#1076179) - Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we've carried since the initial Spectre v2 patch was added. EDX bit 27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the guest is wrong in general, since the VM doesn't directly control the scheduling of physical hyperthreads. This is left strictly to the L0 hypervisor.

Patchnames: sleposp3-kvm-13603,slessp3-kvm-13603

CVE-2017-18030

2.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2017-5715

7.1 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-5683

4.2 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-7550

8.1 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64	—	Vendor Fix

Threats

Impact important

References

54 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1068032	self
https://bugzilla.suse.com/1076114	self
https://bugzilla.suse.com/1076179	self
https://bugzilla.suse.com/1082276	self
https://bugzilla.suse.com/1083291	self
https://www.suse.com/security/cve/CVE-2017-18030/	self
https://www.suse.com/security/cve/CVE-2017-5715/	self
https://www.suse.com/security/cve/CVE-2018-5683/	self
https://www.suse.com/security/cve/CVE-2018-7550/	self
https://www.suse.com/security/cve/CVE-2017-18030	external
https://bugzilla.suse.com/1076179	external
https://bugzilla.suse.com/1076180	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2017-5715	external
https://bugzilla.suse.com/1068032	external
https://bugzilla.suse.com/1074562	external
https://bugzilla.suse.com/1074578	external
https://bugzilla.suse.com/1074701	external
https://bugzilla.suse.com/1074741	external
https://bugzilla.suse.com/1074919	external
https://bugzilla.suse.com/1075006	external
https://bugzilla.suse.com/1075007	external
https://bugzilla.suse.com/1075262	external
https://bugzilla.suse.com/1075419	external
https://bugzilla.suse.com/1076115	external
https://bugzilla.suse.com/1076372	external
https://bugzilla.suse.com/1076606	external
https://bugzilla.suse.com/1078353	external
https://bugzilla.suse.com/1080039	external
https://bugzilla.suse.com/1087887	external
https://bugzilla.suse.com/1087939	external
https://bugzilla.suse.com/1088147	external
https://bugzilla.suse.com/1089055	external
https://bugzilla.suse.com/1091815	external
https://bugzilla.suse.com/1095735	external
https://bugzilla.suse.com/1102517	external
https://bugzilla.suse.com/1105108	external
https://bugzilla.suse.com/1126516	external
https://bugzilla.suse.com/1173489	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201457	external
https://bugzilla.suse.com/1201877	external
https://bugzilla.suse.com/1203236	external
https://www.suse.com/security/cve/CVE-2018-5683	external
https://bugzilla.suse.com/1076114	external
https://bugzilla.suse.com/1076116	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2018-7550	external
https://bugzilla.suse.com/1083291	external
https://bugzilla.suse.com/1083292	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kvm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\n  \nThis update for kvm fixes the following issues:\n\nThis update has the next round of Spectre v2 related patches,\nwhich now integrates with corresponding changes in libvirt. A\nJanuary 2018 release of qemu initially addressed the Spectre v2\nvulnerability for KVM guests by exposing the spec-ctrl feature\nfor all x86 vcpu types, which was the quick and dirty approach,\nbut not the proper solution. We remove that initial patch and now\nrely on patches from upstream. This update defines spec_ctrl and\nibpb cpu feature flags as well as new cpu models which are clones\nof existing models with either -IBRS or -IBPB added to the end of\nthe model name. These new vcpu models explicitly include the new\nfeature(s), whereas the feature flags can be added to the cpu\nparameter as with other features. In short, for continued Spectre\nv2 protection, ensure that either the appropriate cpu feature\nflag is added to the QEMU command-line, or one of the new cpu\nmodels is used. Although migration from older versions is\nsupported, the new cpu features won\u0027t be properly exposed to the\nguest until it is restarted with the cpu features explicitly\nadded. A reboot is insufficient.\n\nA warning patch is added which attempts to detect a migration\nfrom a qemu version which had the quick and dirty fix (it only\ndetects certain cases, but hopefully is helpful.)\n\nFor additional information on Spectre v2 as it relates to QEMU,\nsee:\n\thttps://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/\n\n(CVE-2017-5715 bsc#1068032)\n\nA patch is added to continue to detect Spectre v2 mitigation\nfeatures (as shown by cpuid), and if found provide that feature\nto guests, even if running on older KVM (kernel) versions which\ndo not yet expose that feature to QEMU. (bsc#1082276)\n\nAdditional security fixes:\n\n- CVE-2018-5683: An out-of-bounds read in vga_draw_text routine was fixed which could lead to crashes or information leakage. (bsc#1076114)\n- CVE-2018-7550: multiboot OOB access while loading kernel image was fixed that could lead to crashes (bsc#1083291)\n- CVE-2017-18030: An out-of-bounds access in cirrus_invalidate_region routine could lead to crashes or information leakage (bsc#1076179)\n\n- Eliminate bogus use of CPUID_7_0_EDX_PRED_CMD which we\u0027ve\n  carried since the initial Spectre v2 patch was added. EDX bit\n  27 of CPUID Leaf 07H, Sub-leaf 0 provides status on STIBP, and\n  not the PRED_CMD MSR. Exposing the STIBP CPUID feature bit to the\n  guest is wrong in general, since the VM doesn\u0027t directly control\n  the scheduling of physical hyperthreads. This is left strictly to\n  the L0 hypervisor.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-kvm-13603,slessp3-kvm-13603",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1308-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:1308-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181308-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:1308-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004054.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1068032",
        "url": "https://bugzilla.suse.com/1068032"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1076114",
        "url": "https://bugzilla.suse.com/1076114"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1076179",
        "url": "https://bugzilla.suse.com/1076179"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1082276",
        "url": "https://bugzilla.suse.com/1082276"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1083291",
        "url": "https://bugzilla.suse.com/1083291"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-18030 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-18030/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5715 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5683 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5683/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-7550 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-7550/"
      }
    ],
    "title": "Security update for kvm",
    "tracking": {
      "current_release_date": "2018-05-16T13:59:32Z",
      "generator": {
        "date": "2018-05-16T13:59:32Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:1308-1",
      "initial_release_date": "2018-05-16T13:59:32Z",
      "revision_history": [
        {
          "date": "2018-05-16T13:59:32Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-53.17.1.i586",
                "product": {
                  "name": "kvm-1.4.2-53.17.1.i586",
                  "product_id": "kvm-1.4.2-53.17.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-53.17.1.s390x",
                "product": {
                  "name": "kvm-1.4.2-53.17.1.s390x",
                  "product_id": "kvm-1.4.2-53.17.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kvm-1.4.2-53.17.1.x86_64",
                "product": {
                  "name": "kvm-1.4.2-53.17.1.x86_64",
                  "product_id": "kvm-1.4.2-53.17.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:11:sp3:teradata"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586"
        },
        "product_reference": "kvm-1.4.2-53.17.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586"
        },
        "product_reference": "kvm-1.4.2-53.17.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x"
        },
        "product_reference": "kvm-1.4.2-53.17.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64"
        },
        "product_reference": "kvm-1.4.2-53.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586"
        },
        "product_reference": "kvm-1.4.2-53.17.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x"
        },
        "product_reference": "kvm-1.4.2-53.17.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kvm-1.4.2-53.17.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
        },
        "product_reference": "kvm-1.4.2-53.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-18030",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-18030"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-18030",
          "url": "https://www.suse.com/security/cve/CVE-2017-18030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076179 for CVE-2017-18030",
          "url": "https://bugzilla.suse.com/1076179"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076180 for CVE-2017-18030",
          "url": "https://bugzilla.suse.com/1076180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-18030",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-05-16T13:59:32Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-18030"
    },
    {
      "cve": "CVE-2017-5715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5715",
          "url": "https://www.suse.com/security/cve/CVE-2017-5715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074741 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074919 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074919"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075007 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075007"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075262 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075262"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075419 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076115 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076372 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076606 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1078353 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1078353"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080039 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1080039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087887 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1087887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1088147 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1088147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1091815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1095735 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1095735"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102517 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1102517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105108 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1105108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126516 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1126516"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173489 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1173489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201457 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1201457"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203236 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1203236"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-05-16T13:59:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5715"
    },
    {
      "cve": "CVE-2018-5683",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5683"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5683",
          "url": "https://www.suse.com/security/cve/CVE-2018-5683"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076114 for CVE-2018-5683",
          "url": "https://bugzilla.suse.com/1076114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076116 for CVE-2018-5683",
          "url": "https://bugzilla.suse.com/1076116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2018-5683",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-05-16T13:59:32Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5683"
    },
    {
      "cve": "CVE-2018-7550",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-7550"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-7550",
          "url": "https://www.suse.com/security/cve/CVE-2018-7550"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1083291 for CVE-2018-7550",
          "url": "https://bugzilla.suse.com/1083291"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1083292 for CVE-2018-7550",
          "url": "https://bugzilla.suse.com/1083292"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:kvm-1.4.2-53.17.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:kvm-1.4.2-53.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-05-16T13:59:32Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-7550"
    }
  ]
}

WID-SEC-W-2024-2009

Vulnerability from csaf_certbund - Published: 2018-01-15 23:00 - Updated: 2024-09-02 22:00

Summary

QEMU: Mehrere Schwachstellen ermöglichen Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2017-18030

In QEMU existieren mehrere Schwachstellen wenn der QEMU Emulator mit der Unterstützung für VGA oder Cirrus CLGD 54xx VGA kompiliert wurde. Ein im Gastsystem angemeldeter Angreifer kann den QEMU Prozess zum Abstrz bringen undso einen Denial of Service verursachen.

Affected products

Known affected 7 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source QEMU Open Source	`cpe:/a:qemu:qemu:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2018-5683

Affected products

Known affected 7 products

Product	Identifier	Version
Oracle VM Oracle	`cpe:/a:oracle:vm:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source QEMU Open Source	`cpe:/a:qemu:qemu:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

28 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://seclists.org/oss-sec/2018/q1/50	external
http://seclists.org/oss-sec/2018/q1/49	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
http://www.ubuntu.com/usn/usn-3575-1/	external
http://www.ubuntu.com/usn/usn-3575-2/	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://security.gentoo.org/glsa/201804-08	external
https://access.redhat.com/errata/RHSA-2018:0816	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
https://www.debian.org/security/2018/dsa-4213	external
http://linux.oracle.com/errata/ELSA-2018-2162.html	external
https://access.redhat.com/errata/RHSA-2018:2162	external
http://linux.oracle.com/errata/ELSA-2018-4285.html	external
http://linux.oracle.com/errata/ELSA-2018-4289.html	external
http://linux.oracle.com/errata/ELSA-2019-4585.html	external
http://linux.oracle.com/errata/ELSA-2019-4630.html	external
https://oss.oracle.com/pipermail/oraclevm-errata/…	external
https://linux.oracle.com/errata/ELSA-2024-12604.html	external
https://linux.oracle.com/errata/ELSA-2024-12605.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "QEMU ist eine freie Virtualisierungssoftware, die die gesamte Hardware eines Computers emuliert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in QEMU ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-2009 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2024-2009.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-2009 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2009"
      },
      {
        "category": "external",
        "summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2018-01-15",
        "url": "http://seclists.org/oss-sec/2018/q1/50"
      },
      {
        "category": "external",
        "summary": "Eintr\u00e4ge in der OSS Mailing Liste vom 2018-01-15",
        "url": "http://seclists.org/oss-sec/2018/q1/49"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0438-1 vom 2018-02-14",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180438-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0472-1 vom 2018-02-19",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180472-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3575-1 vom 2018-02-21",
        "url": "http://www.ubuntu.com/usn/usn-3575-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3575-2 vom 2018-03-05",
        "url": "http://www.ubuntu.com/usn/usn-3575-2/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0601-1 vom 2018-03-05",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180601-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0609-1 vom 2018-03-06",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180609-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0638-1 vom 2018-03-09",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180638-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0678-1 vom 2018-03-15",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180678-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0831-1 vom 2018-03-28",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180831-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:0762-1 vom 2018-03-22",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180762-1.html"
      },
      {
        "category": "external",
        "summary": "GENTOO Security Advisory GLSA201804-08 vom 2018-04-09",
        "url": "https://security.gentoo.org/glsa/201804-08"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:0816 vom 2018-04-11",
        "url": "https://access.redhat.com/errata/RHSA-2018:0816"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:1077-1 vom 2018-04-25",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181077-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:1308-1 vom 2018-05-17",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181308-1.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4213 vom 2018-05-30",
        "url": "https://www.debian.org/security/2018/dsa-4213"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2018-2162 vom 2018-07-11",
        "url": "http://linux.oracle.com/errata/ELSA-2018-2162.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2162 vom 2018-07-11",
        "url": "https://access.redhat.com/errata/RHSA-2018:2162"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2018-4285 vom 2018-11-21",
        "url": "http://linux.oracle.com/errata/ELSA-2018-4285.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2018-4289 vom 2018-11-29",
        "url": "http://linux.oracle.com/errata/ELSA-2018-4289.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4585 vom 2019-03-15",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4585.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-4630 vom 2019-05-14",
        "url": "http://linux.oracle.com/errata/ELSA-2019-4630.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2020-0027 vom 2020-07-13",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2020-July/000990.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12604 vom 2024-09-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12604.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12605 vom 2024-09-02",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12605.html"
      }
    ],
    "source_lang": "en-US",
    "title": "QEMU: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-09-02T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-03T08:16:47.575+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.6"
        }
      },
      "id": "WID-SEC-W-2024-2009",
      "initial_release_date": "2018-01-15T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-01-15T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2018-01-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Fixed a typo"
        },
        {
          "date": "2018-01-30T23:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-02-14T23:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2018-02-19T23:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2018-02-20T23:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2018-03-05T23:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2018-03-08T23:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2018-03-14T23:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2018-03-21T23:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2018-03-27T22:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2018-04-08T22:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2018-04-10T22:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2018-04-25T22:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2018-05-16T22:00:00.000+00:00",
          "number": "15",
          "summary": "New remediations available"
        },
        {
          "date": "2018-05-31T22:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2018-07-10T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-01T22:00:00.000+00:00",
          "number": "18",
          "summary": "Added references"
        },
        {
          "date": "2018-11-20T23:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2018-11-28T23:00:00.000+00:00",
          "number": "20",
          "summary": "New remediations available"
        },
        {
          "date": "2019-03-14T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2019-05-15T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2020-07-13T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von ORACLE aufgenommen"
        },
        {
          "date": "2024-09-02T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "24"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source QEMU",
            "product": {
              "name": "Open Source QEMU",
              "product_id": "T007150",
              "product_identification_helper": {
                "cpe": "cpe:/a:qemu:qemu:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-18030",
      "notes": [
        {
          "category": "description",
          "text": "In QEMU existieren mehrere Schwachstellen wenn der QEMU Emulator mit der Unterst\u00fctzung f\u00fcr VGA oder Cirrus CLGD 54xx VGA kompiliert wurde. Ein im Gastsystem angemeldeter Angreifer kann den QEMU Prozess zum Abstrz bringen undso einen Denial of Service verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T007150",
          "T004914"
        ]
      },
      "release_date": "2018-01-15T23:00:00.000+00:00",
      "title": "CVE-2017-18030"
    },
    {
      "cve": "CVE-2018-5683",
      "notes": [
        {
          "category": "description",
          "text": "In QEMU existieren mehrere Schwachstellen wenn der QEMU Emulator mit der Unterst\u00fctzung f\u00fcr VGA oder Cirrus CLGD 54xx VGA kompiliert wurde. Ein im Gastsystem angemeldeter Angreifer kann den QEMU Prozess zum Abstrz bringen undso einen Denial of Service verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T011119",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T007150",
          "T004914"
        ]
      },
      "release_date": "2018-01-15T23:00:00.000+00:00",
      "title": "CVE-2018-5683"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-5683 (GCVE-0-2018-5683)

SUSE-SU-2018:1308-1

WID-SEC-W-2024-2009

Tags

Sightings

Nomenclature