Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3826-1
HistoryNov 26, 2018 - 12:00 a.m.

QEMU vulnerabilities

2018-11-2600:00:00
ubuntu.com
46

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.141 Low

EPSS

Percentile

95.6%

JSON

Releases

  • Ubuntu 18.10
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • qemu - Machine emulator and virtualizer

Details

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled
NE2000 device emulation. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839)

It was discovered that QEMU incorrectly handled the Slirp networking
back-end. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code on the host. In the default installation, when QEMU is used
with libvirt, attackers would be isolated by the libvirt AppArmor profile.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2018-11806)

Fakhri Zulkifli discovered that the QEMU guest agent incorrectly handled
certain QMP commands. An attacker could possibly use this issue to crash
the QEMU guest agent, resulting in a denial of service. (CVE-2018-12617)

Li Qiang discovered that QEMU incorrectly handled NVM Express Controller
emulation. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code on the host. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-16847)

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled
RTL8139 device emulation. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17958)

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled
PCNET device emulation. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2018-17962)

Daniel Shapira discovered that QEMU incorrectly handled large packet sizes.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service. (CVE-2018-17963)

It was discovered that QEMU incorrectly handled LSI53C895A device
emulation. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2018-18849)

Moguofang discovered that QEMU incorrectly handled the IPowerNV LPC
controller. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. This issue only affected Ubuntu
18.04 LTS and Ubuntu 18.10. (CVE-2018-18954)

Zhibin Hu discovered that QEMU incorrectly handled the Plan 9 File System
support. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2018-19364)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.10noarchqemu-system< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-block-extra< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-block-extra-dbgsym< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-guest-agent< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-guest-agent-dbgsym< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-kvm< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-system-arm< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-system-arm-dbgsym< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Ubuntu18.10noarchqemu-system-common< 1:2.12+dfsg-3ubuntu8.1UNKNOWN
Rows per page:
1-10 of 1191

Related

nessus 54
openvas 46
fedora 5
suse 6
osv 13
debian 4
oraclelinux 5
redhat 5
centos 1
redhatcve 9
prion 10
cve 9
debiancve 10
ubuntucve 10
veracode 8
f5 2
zdi 1
zdt 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU vulnerabilities (USN-3826-1)
2018-11-27 00:00:00
Fedora 29 : 2:qemu (2018-87f2ace20d)
2019-01-03 00:00:00
openSUSE Security Update : qemu (openSUSE-2018-1483)
2018-12-07 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3826-1)
2018-11-27 00:00:00
openSUSE: Security Advisory for qemu (openSUSE-SU-2018:4004-1)
2018-12-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3927-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29
2018-12-04 03:05:00
[SECURITY] Fedora 29 Update: qemu-3.0.0-4.fc29
2019-03-25 06:10:52
[SECURITY] Fedora 29 Update: qemu-3.0.1-3.fc29
2019-05-17 03:18:08
suse
suse
Security update for qemu (important)
2018-12-07 12:23:09
Security update for qemu (moderate)
2018-12-16 00:09:23
Security update for qemu (moderate)
2018-11-10 00:23:53
osv
osv
qemu - security update
2018-11-11 00:00:00
qemu - security update
2019-05-30 00:00:00
qemu - security update
2019-01-29 00:00:00
debian
debian
[SECURITY] [DSA 4338-1] qemu security update
2018-11-11 17:59:48
[SECURITY] [DSA 4454-1] qemu security update
2019-05-30 18:06:19
[SECURITY] [DLA 1646-1] qemu security update
2019-01-29 17:32:19
oraclelinux
oraclelinux
qemu security update
2018-10-29 00:00:00
qemu security update
2019-01-28 00:00:00
qemu security update
2018-12-21 00:00:00
redhat
redhat
(RHSA-2019:2892) Important: qemu-kvm security update
2019-09-24 12:48:33
(RHSA-2019:2425) Important: qemu-kvm-rhev security and bug fix update
2019-08-09 00:35:44
(RHSA-2018:2887) Important: qemu-kvm-rhev security update
2018-10-09 10:53:35
centos
centos
qemu security update
2019-09-27 12:14:41
redhatcve
redhatcve
CVE-2018-18954
2020-03-07 01:45:31
CVE-2018-16847
2020-01-21 15:42:22
CVE-2018-19364
2020-04-08 21:46:53
prion
prion
Heap overflow
2018-11-02 22:29:00
Cross site scripting
2018-11-15 20:29:00
Code injection
2018-10-09 22:29:00
cve
cve
CVE-2018-17958
2018-10-09 22:29:00
CVE-2018-16847
2018-11-02 22:29:00
CVE-2018-18954
2018-11-15 20:29:00
debiancve
debiancve
CVE-2018-16847
2018-11-02 22:29:00
CVE-2018-18954
2018-11-15 20:29:00
CVE-2018-17962
2018-10-09 22:29:00
ubuntucve
ubuntucve
CVE-2018-16847
2018-11-02 00:00:00
CVE-2018-18954
2018-11-15 00:00:00
CVE-2018-17963
2018-10-09 00:00:00
veracode
veracode
Denial Of Service (Dos)
2019-08-10 00:07:07
Use-After-Free
2020-09-21 06:24:21
Denial Of Service (Dos)
2019-08-10 00:07:07
f5
f5
K48641455 : QEMU buffer-overflow vulnerability CVE-2018-17962
2021-01-06 00:00:00
K51428664 : QEMU vulnerability CVE-2018-11806
2020-12-31 00:00:00
zdi
zdi
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
2018-06-07 00:00:00
zdt
zdt
QEMU Guest Agent 2.12.50 - Denial of Service Vulnerability
2018-06-22 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.141 Low

EPSS

Percentile

95.6%

JSON
Related for USN-3826-1
nessus54openvas46fedora5suse6osv13debian4oraclelinux5redhat5centos1redhatcve9prion10cve9debiancve10ubuntucve10veracode8f52zdi1zdt1