Lucene search

K
oraclelinuxOracleLinuxELSA-2018-4313
HistoryDec 21, 2018 - 12:00 a.m.

qemu security update

2018-12-2100:00:00
linux.oracle.com
21

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.9%

[15:3.0.0-3.el7]

  • monitor: guard iothread access by mon->use_io_thread (Wolfgang Bumiller) [Orabug: 29046045]
  • monitor: delay monitor iothread creation (Wolfgang Bumiller) [Orabug: 29010480]
  • Revert ‘qmp: isolate responses into io thread’ (Marc-Andre Lureau) [Orabug: 29010480]
  • usb-mtp: outlaw slashes in filenames (Gerd Hoffmann) [Orabug: 29037012] {CVE-2018-16867}
    [15:3.0.0-2.el7]
  • vfio-pci: emit FAILOVER_PRIMARY_CHANGED event on guest behalf when unrealized (Si-Wei Liu) [Orabug: 29011784]
  • vfio-pci: add FAILOVER_PRIMARY_CHANGED event to shorten downtime during failover (Si-Wei Liu) [Orabug: 29011776]
  • virtio_net: Add support for ‘Data Path Switching’ during Live Migration. (Venu Busireddy) [Orabug: 28732921]
  • parfait: Run static analysis when --with parfait specified (Liam Merwick) [Orabug: 28625099]
  • parfait: add buildrpm/parfait-qemu.conf (Liam Merwick) [Orabug: 28625099]
  • configure: Provide option to explicitly disable AVX2 (Liam Merwick) [Orabug: 28625099]
  • lsi53c895a: convert to trace-events (Mark Cave-Ayland) [Orabug: 29011792]
  • lsi: Reselection needed to remove pending commands from queue (George Kennedy) [Orabug: 28626593]
  • lsi53c895a: check message length value is valid (Prasad J Pandit) [Orabug: 28873239] {CVE-2018-18849}
  • 9p: fix QEMU crash when renaming files (Greg Kurz) [Orabug: 28971710] {CVE-2018-19489}
  • 9p: take write lock on fid path updates (CVE-2018-19364) (Greg Kurz) [Orabug: 28957033] {CVE-2018-19364}
  • nvme: fix out-of-bounds access to the CMB (Paolo Bonzini) [Orabug: 28885521] {CVE-2018-16847}
  • kvm: x86: Fix kvm_arch_fixup_msi_route for remap-less case (Jan Kiszka) [Orabug: 28891193]
  • i386: Add new model of Cascadelake-Server (Tao Xu) [Orabug: 28886460]
  • i386: Add PKU on Skylake-Server CPU model (Tao Xu) [Orabug: 28886461]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.9%

Related for ELSA-2018-4313