Lucene search

K
oraclelinuxOracleLinuxELSA-2019-4518
HistoryJan 25, 2019 - 12:00 a.m.

qemu security update

2019-01-2500:00:00
linux.oracle.com
13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

87.0%

[15:3.0.0-4.el7]

  • usb-mtp: use O_NOFOLLOW and O_CLOEXEC. (Gerd Hoffmann) [Orabug: 29056673] {CVE-2018-16872}
  • pvrdma: add uar_read routine (Prasad J Pandit) {CVE-2018-20191}
  • pvrdma: release ring object in case of an error (Prasad J Pandit) [Orabug: 29171822] {CVE-2018-20126}
  • pvrdma: check number of pages when creating rings (Prasad J Pandit) [Orabug: 29171821] {CVE-2018-20125}
  • pvrdma: check return value from pvrdma_idx_ring_has_ routines (Prasad J Pandit) [Orabug: 29171820] {CVE-2018-20216}
  • rdma: remove unused VENDOR_ERR_NO_SGE macro (Prasad J Pandit) [Orabug: 29121181] {CVE-2018-20124}
  • rdma: check num_sge does not exceed MAX_SGE (Prasad J Pandit) [Orabug: 29121181] {CVE-2018-20124}
  • i386: Add ‘stibp’ flag name (Eduardo Habkost) [Orabug: 29114828]
  • i386: Add some MSR based features on Cascadelake-Server CPU model (Tao Xu) [Orabug: 29029615]
  • i386: Update stepping of Cascadelake-Server (Tao Xu) [Orabug: 29029615]
  • kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES support (Bandan Das) [Orabug: 29029615]
  • x86: define a new MSR based feature word – FEATURE_WORDS_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29029615]
  • x86: Data structure changes to support MSR based features (Robert Hoo) [Orabug: 29029615]
  • kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl (Robert Hoo) [Orabug: 29029615]
  • i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR (Robert Hoo) [Orabug: 29029615]
  • i386: Add new MSR indices for IA32_PRED_CMD and IA32_ARCH_CAPABILITIES (Robert Hoo) [Orabug: 29029615]
  • Fix compilation issue: ‘qapi_event_send_failover_primary_changed’ not declared (Mark Kanda) [Orabug: 29121163]
  • lsi_scsi: add support for PPR Extended Message (George Kennedy) [Orabug: 28879117]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

87.0%