CVE-2018-7858

EUVD-2018-19570
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 2.11.2
opensuseleap
42.3
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
jessie
not-affected
sid
1:9.1.1+ds-2
fixed
stretch
not-affected
trixie
1:9.1.1+ds-2
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
artful
Fixed 1:2.10+dfsg-0ubuntu3.6
released
bionic
Fixed 1:2.11+dfsg-1ubuntu7.1
released
trusty
not-affected
xenial
not-affected
qemu-kvm
artful
dne
bionic
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
http://www.openwall.com/lists/oss-security/2018/03/09/1
http://www.securityfocus.com/bid/103350
https://access.redhat.com/errata/RHSA-2018:1369
https://access.redhat.com/errata/RHSA-2018:1416
https://access.redhat.com/errata/RHSA-2018:2162
https://bugzilla.redhat.com/show_bug.cgi?id=1553402
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
https://usn.ubuntu.com/3649-1/
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
http://www.openwall.com/lists/oss-security/2018/03/09/1
http://www.securityfocus.com/bid/103350
https://access.redhat.com/errata/RHSA-2018:1369
https://access.redhat.com/errata/RHSA-2018:1416
https://access.redhat.com/errata/RHSA-2018:2162
https://bugzilla.redhat.com/show_bug.cgi?id=1553402
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
https://usn.ubuntu.com/3649-1/