Wind River Support Network

HomeDefectsLIN10-5036
Fixed

LIN10-5036 : Security Advisory - qemu - CVE-2018-19364

Created: Nov 21, 2018    Updated: Jan 7, 2019
Resolved Date: Nov 22, 2018
Found In Version: 10.17.41.1
Fix Version: 10.17.41.13
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9
File System(9pfs) support in QEMU. It could occur due to a race condition while accessing files on a shared host directory.

A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19364

Other Downloads


CVEs


Live chat
Online