Wind River Support Network

HomeDefectsLIN9-7070
Fixed

LIN9-7070 : Security Advisory - qemu - CVE-2018-12617

Created: Jun 29, 2018    Updated: Dec 3, 2018
Resolved Date: Jul 15, 2018
Found In Version: 9.0.0.16
Fix Version: 9.0.0.17
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

https://nvd.nist.gov/vuln/detail/CVE-2018-12617

Other Downloads


CVEs


Live chat
Online