
Debian 8: DLA-1781-1 Critical: QEMU Buffer Overflow And Exploits

debian lts
May 9, 2019
Enhance system security on Debian 8 'Jessie' by updating QEMU packages, addressing vulnerabilities and ensuring a safer virtualized environment with these steps.
Several vulnerabilities were found in QEMU, a fast processor emulator:

Summary

CVE-2018-11806

It was found that the SLiRP networking implementation could use a wrong
size when reallocating its buffers, which can be exploited by a
privileged user on a guest to cause denial of service or possibly
arbitrary code execution on the host system.

CVE-2018-18849

It was found that the LSI53C895A SCSI Host Bus Adapter emulation was
susceptible to an out of bounds memory access, which could be leveraged
by a malicious guest user to crash the QEMU process.

CVE-2018-20815

A heap buffer overflow was found in the load_device_tree function,
which could be used by a malicious user to potentially execute
arbitrary code with the privileges of the QEMU process.

CVE-2019-9824

William Bowling discovered that the SLiRP networking implementation did
not handle some messages properly, which could be triggered to leak
memory via crafted messages.

For Debian 8 "Jessie", these problems have been fixed in version
1:2.1+dfsg-12+deb8u11.



Severity: critical

Package: qemu
Version: 1:2.1+dfsg-12+deb8u11
CVE ID: CVE-2018-11806 CVE-2018-18849 CVE-2018-20815 CVE-2019-9824
Debian Bug: 901017 912535
