Home

CVE-2018-7550

Description

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.084

Associated Vulnerability

VulnerabilityOS Platform
Machine emulator and virtualizer (USN-3649-1) qemu_2.10+dfsg-0ubuntu3.6_amd64.debLinux
Machine emulator and virtualizer (USN-3649-1) qemu-system_2.10+dfsg-0ubuntu3.6_i386.debLinux
Machine emulator and virtualizer (USN-3649-1) qemu-system_2.5+dfsg-5ubuntu10.28_i386.debLinux
Machine emulator and virtualizer (USN-3649-1) qemu-system_2.5+dfsg-5ubuntu10.28_amd64.debLinux
Qemu-kvm security update (CESA-2018:2462) qemu-img-1.5.3-156.el7_5.5.x86_64.rpmLinux
Qemu-kvm security update (CESA-2018:2462) qemu-kvm-1.5.3-156.el7_5.5.x86_64.rpmLinux
Qemu-kvm security update (CESA-2018:2462) qemu-kvm-tools-1.5.3-156.el7_5.5.x86_64.rpmLinux
Qemu-kvm security update (CESA-2018:2462) qemu-kvm-common-1.5.3-156.el7_5.5.x86_64.rpmLinux
(RHSA-2018:2462) qemu-kvm security and bug fix update qemu-img-1.5.3-156.el7_5.5.x86_64.rpmLinux
(RHSA-2018:2462) qemu-kvm security and bug fix update qemu-kvm-1.5.3-156.el7_5.5.x86_64.rpmLinux
(RHSA-2018:2462) qemu-kvm security and bug fix update qemu-kvm-common-1.5.3-156.el7_5.5.x86_64.rpmLinux
(RHSA-2018:2462) qemu-kvm security and bug fix update qemu-kvm-tools-1.5.3-156.el7_5.5.x86_64.rpmLinux
qemu-kvm Security Update (ALAS-2018-1073) qemu-kvm-tools-1.5.3-156.amzn2.5.4.x86_64.rpmLinux
qemu-kvm Security Update (ALAS-2018-1073) qemu-kvm-common-1.5.3-156.amzn2.5.4.x86_64.rpmLinux
Out-of-bounds Read Vulnerability (CVE-2018-7550)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234