Wind River Support Network

HomeDefectsLIN10-5036

Fixed

LIN10-5036 : Security Advisory - qemu - CVE-2018-19364

Created: Nov 21, 2018 Updated: Jan 7, 2019

Resolved Date: Nov 22, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.13

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9
File System(9pfs) support in QEMU. It could occur due to a race condition while accessing files on a shared host directory.

A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19364

Other Downloads

Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2018-19364