Lucene search

K

[email protected]NVD:CVE-2018-7858

HistoryMar 12, 2018 - 9:29 p.m.

CVE-2018-7858

2018-03-1221:29:01

CWE-125

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

Affected configurations

NVD

Node

qemuqemuRange≤2.11.2

Node

opensuseleapMatch42.3

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.6

OR

redhatenterprise_linux_server_eusMatch7.5

OR

redhatenterprise_linux_server_eusMatch7.6

OR

redhatenterprise_linux_server_tusMatch7.6

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

OR

canonicalubuntu_linuxMatch18.10

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html

www.openwall.com/lists/oss-security/2018/03/09/1

www.securityfocus.com/bid/103350

access.redhat.com/errata/RHSA-2018:1369

access.redhat.com/errata/RHSA-2018:1416

access.redhat.com/errata/RHSA-2018:2162

bugzilla.redhat.com/show_bug.cgi?id=1553402

lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html

usn.ubuntu.com/3649-1/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

Related for NVD:CVE-2018-7858

debiancve1 redhatcve1 nessus31 cvelist1 oraclelinux7 openvas12 prion1 osv1 veracode1 redhat7 cve1 ubuntucve1 centos2 f51 ubuntu1 amazon2 suse1 fedora1