Vulnerability Name: CVE-2018-7550

Assigned: 2018-02-27
Published: 2018-02-27
Updated: 2018-05-17
Summary: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVSS v3 Severity: 8.8 High (CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
7.8 High (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-787
References:
Source: BID
Type: VENDOR_ADVISORY
103181

Source: REDHAT
Type: UNKNOWN
RHSA-2018:1369

Source: CONFIRM
Type: VENDOR_ADVISORY
https://bugzilla.redhat.com/show_bug.cgi?id=1549798

Source: XF
Type: UNKNOWN
qemu-cve20187550-code-exec(139873)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update

Source: MLIST
Type: PATCH
[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field

Source: UBUNTU
Type: UNKNOWN
USN-3649-1

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:qemu:qemu:-:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:qemu:qemu:*:*:*:*:*:*:*:*

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20187550 | V | CVE-2018-7550 | 2018-05-25
oval:com.ubuntu.artful:def:20187550000 | V | CVE-2018-7550 on Ubuntu 17.10 (artful) - medium. | 2018-03-01
oval:com.ubuntu.trusty:def:20187550000 | V | CVE-2018-7550 on Ubuntu 14.04 LTS (trusty) - medium. | 2018-03-01
oval:com.ubuntu.xenial:def:20187550000 | V | CVE-2018-7550 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-03-01