CVE-2018-12617

MEDIUM

Description

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

References

http://www.securityfocus.com/bid/104531

https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6

https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html

https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html

https://seclists.org/bugtraq/2019/May/76

https://usn.ubuntu.com/3826-1/

https://www.debian.org/security/2019/dsa-4454

https://www.exploit-db.com/exploits/44925/

Details

Source: MITRE

Published: 2018-06-21

Updated: 2020-11-19

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147700 | EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1667) | Nessus | Huawei Local Security Checks | medium |
| 147523 | EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1632) | Nessus | Huawei Local Security Checks | medium |
| 137489 | EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-1647) | Nessus | Huawei Local Security Checks | high |
| 129182 | EulerOS 2.0 SP5 : qemu-kvm (EulerOS-SA-2019-1988) | Nessus | Huawei Local Security Checks | high |
| 125609 | Debian DSA-4454-1 : qemu - security update | Nessus | Debian Local Security Checks | high |
| 124947 | EulerOS Virtualization 3.0.1.0 : qemu (EulerOS-SA-2019-1444) | Nessus | Huawei Local Security Checks | high |
| 124908 | EulerOS Virtualization for ARM 64 3.0.1.0 : qemu-kvm (EulerOS-SA-2019-1405) | Nessus | Huawei Local Security Checks | high |
| 123294 | openSUSE Security Update : qemu (openSUSE-2019-683) | Nessus | SuSE Local Security Checks | medium |
| 122511 | Debian DLA-1694-1 : qemu security update | Nessus | Debian Local Security Checks | medium |
| 120533 | Fedora 28 : 2:qemu (2018-74fb8b257b) | Nessus | Fedora Local Security Checks | high |
| 120094 | SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2018:2679-1) | Nessus | SuSE Local Security Checks | medium |
| 119216 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : QEMU vulnerabilities (USN-3826-1) | Nessus | Ubuntu Local Security Checks | high |
| 118870 | openSUSE Security Update : qemu (openSUSE-2018-1364) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 118502 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:3555-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 118297 | SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-2) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 117900 | SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2973-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 117475 | openSUSE Security Update : qemu (openSUSE-2018-996) | Nessus | SuSE Local Security Checks | medium |
| 117386 | SUSE SLES11 Security Update : kvm (SUSE-SU-2018:2650-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 112287 | SUSE SLES11 Security Update : kvm (SUSE-SU-2018:2615-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 112204 | SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2565-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 112201 | SUSE SLES12 Security Update : qemu (SUSE-SU-2018:2556-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 112147 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 111371 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:2069-1) | Nessus | SuSE Local Security Checks | high |
| 111346 | SUSE SLES12 Security Update : xen (SUSE-SU-2018:2056-1) | Nessus | SuSE Local Security Checks | high |
| 111261 | SUSE SLES11 Security Update : xen (SUSE-SU-2018:2037-1) | Nessus | SuSE Local Security Checks | high |