Wind River Support Network

HomeDefectsLIN9-7776
Fixed

LIN9-7776 : Security Advisory - qemu - CVE-2018-19364

Created: Nov 21, 2018    Updated: Jan 7, 2019
Resolved Date: Nov 22, 2018
Previous ID: LIN8-10113
Found In Version: 9.0.0.18
Fix Version: 9.0.0.19
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9
File System(9pfs) support in QEMU. It could occur due to a race condition while accessing files on a shared host directory.

A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19364

Other Downloads


CVEs


Live chat
Online