Wind River Support Network

HomeDefectsLIN8-10112
Fixed

LIN8-10112 : Security Advisory - qemu - CVE-2018-19364

Created: Nov 21, 2018    Updated: Jan 7, 2019
Resolved Date: Nov 26, 2018
Found In Version: 8.0
Fix Version: 8.0.0.28
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9
File System(9pfs) support in QEMU. It could occur due to a race condition while accessing files on a shared host directory.

A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue.

Upstream patch:
---------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19364

Other Downloads


CVEs


Live chat
Online