[oss-security] 20180309 CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display

103350

RHSA-2018:1369

RHSA-2018:1416

RHSA-2018:2162

https://bugzilla.redhat.com/show_bug.cgi?id=1553402

[qemu-devel] 20180308 [PATCH] vga: fix region calculation

USN-3649-1

This update for qemu fixes the following issues :

Security vulnerabilities addressed :

CVE-2019-6778: Fixed an out-of-bounds access in slirp (bsc#1123156)

CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493)

CVE-2018-19489: Fixed a Denial-of-Service in virtfs (bsc#1117275)

CVE-2018-19364: Fixed an use-after-free vulnerability if virtfs interface is deliberately abused (bsc#1116717)

CVE-2018-18954: Fixed an out-of-bounds access performing PowerNV memory operations (bsc#1114957)

CVE-2017-13673: Fixed a reachable assert failure during during display update (bsc#1056386)

CVE-2017-13672: Fixed an out-of-bounds read access during display update (bsc#1056334)

CVE-2018-7858: Fixed an out-of-bounds access in cirrus when updating vga display allowing for Denial-of-Service (bsc#1084604)

Other bug fixes and changes: Fix pwrite64/pread64/write to return 0 over -1 for a zero length NULL buffer in qemu (bsc#1121600)

Fix bad guest time after migration (bsc#1113231)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for qemu fixes the following issues :

Security issues fixed :

CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation (bsc#1123156).

CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp (bsc#1119493).

CVE-2018-19489: Fixed a denial of service vulnerability in virtfs (bsc#1117275).

CVE-2018-19364: Fixed a use-after-free if the virtfs interface resulting in a denial of service (bsc#1116717).

CVE-2018-7858: Fixed a denial of service which could occur while updating the VGA display, after guest has adjusted the display dimensions (bsc#1084604).

CVE-2017-13673: Fixed a denial of service in the cpu_physical_memory_snapshot_get_dirty function.

CVE-2017-13672: Fixed a denial of service via vectors involving display update.

Non-security issues fixed: Fixed bad guest time after migration (bsc#1113231).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the remote Junos Space version is prior to 18.3R1. It is, therefore, affected by multiple vulnerabilities:

  - A use after free vulnerability exists in the    do_get_mempolicy function. An local attacker can exploit    this to cause a denial of service condition.
   (CVE-2018-10675)

  - A malicious authenticated user may be able to delete a     device from the Junos Space database without the     privileges through crafted Ajax interactions from     another legitimate delete action performed by an     administrative user. (CVE-2019-0016)

  - A flaw in validity checking of image files uploaded     to Junos Space could allow an attacker to upload     malicious scripts or images. (CVE-2019-0017)

Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

* QEMU: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858; David Buchanan for reporting CVE-2017-13672; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683.

The remote OracleVM system is missing necessary patches to address critical security updates :

  -     qemu-kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018
    -3639.patch 

  -     qemu-kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-i     t-CVE.patch 

  -     qemu-kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit
    -CVE-.patch 

  - Resolves: bz#1574074 (CVE-2018-3639 qemu-kvm: hw: cpu:
    speculative store bypass [rhel-6.10.z])

  - kvm-vga-add-share_surface-flag.patch [bz#1553674]

  - kvm-vga-add-sanity-checks.patch [bz#1553674]

  - Resolves: bz#1553674 (CVE-2018-7858 qemu-kvm: Qemu:
    cirrus: OOB access when updating vga display [rhel-6])

  - kvm-target-i386-add-support-for-SPEC_CTRL-MSR.patch     [bz#1525939 bz#1528024]

  -     kvm-target-i386-cpu-add-new-CPUID-bits-for-indirect-bran     .patch 

  -     kvm-target-i386-cpu-add-new-CPU-models-for-indirect-bran     .patch 

  -     kvm-cirrus-fix-oob-access-in-mode4and5-write-functions.p     atch [bz#1501298]

  -     kvm-vga-stop-passing-pointers-to-vga_draw_line-functions     .patch 

  -     kvm-vga-check-the-validation-of-memory-addr-when-draw-te     .patch 

  - Resolves: bz#1486641 (CVE-2017-13672 qemu-kvm-rhev:
    Qemu: vga: OOB read access during display update     [rhel-6.10])

  - Resolves: bz#1501298 (CVE-2017-15289 qemu-kvm: Qemu:
    cirrus: OOB access issue in mode4and5 write functions     [rhel-6.10])

  - Resolves: bz#1525939 (CVE-2017-5715 qemu-kvm: hw: cpu:
    speculative execution branch target injection     [rhel-6.10])

  - Resolves: bz#1528024 (CVE-2017-5715 qemu-kvm-rhev: hw:
    cpu: speculative execution branch target injection     [rhel-6.10])

  - Resolves: bz#1534692 (CVE-2018-5683 qemu-kvm: Qemu:
    Out-of-bounds read in vga_draw_text routine [rhel-6.10])

  - Resolves: bz#1549152 (qemu-kvm-rhev: remove unused patch     file [rhel-6.10])

  - kvm-vns-tls-don-t-use-depricated-gnutls-functions.patch     [bz#1428750]

  - kvm-vnc-apply-display-size-limits.patch [bz#1430616     bz#1430617]

  -     kvm-fix-cirrus_vga-fix-OOB-read-case-qemu-Segmentation-f     .patch 

  -     kvm-cirrus-vnc-zap-bitblit-support-from-console-code.pat     ch [bz#1443448 bz#1443450 bz#1447542 bz#1447545]

  - kvm-cirrus-avoid-write-only-variables.patch [bz#1444378     bz#1444380]

  -     kvm-cirrus-stop-passing-around-dst-pointers-in-the-blitt     .patch 

  -     kvm-cirrus-stop-passing-around-src-pointers-in-the-blitt     .patch 

  -     kvm-cirrus-fix-off-by-one-in-cirrus_bitblt_rop_bkwd_tran     .patch 

  - kvm-cirrus-fix-PUTPIXEL-macro.patch [bz#1444378     bz#1444380]

  - Resolves: bz#1428750 (Fails to build in brew)

  - Resolves: bz#1430616 (CVE-2017-2633 qemu-kvm: Qemu: VNC:
    memory corruption due to unchecked resolution limit     [rhel-6.10])

  - Resolves: bz#1430617 (CVE-2017-2633 qemu-kvm-rhev: Qemu:
    VNC: memory corruption due to unchecked resolution limit     [rhel-6.10])

  - Resolves: bz#1443448 (CVE-2017-7718 qemu-kvm: Qemu:
    display: cirrus: OOB read access issue [rhel-6.10])

  - Resolves: bz#1443450 (CVE-2017-7718 qemu-kvm-rhev: Qemu:
    display: cirrus: OOB read access issue [rhel-6.10])

  - Resolves: bz#1444378 (CVE-2017-7980 qemu-kvm: Qemu:
    display: cirrus: OOB r/w access issues in bitblt     routines [rhel-6.10])

  - Resolves: bz#1444380 (CVE-2017-7980 qemu-kvm-rhev: Qemu:
    display: cirrus: OOB r/w access issues in bitblt     routines [rhel-6.10])

  - Resolves: bz#1447542 (CVE-2016-9603 qemu-kvm: Qemu:
    cirrus: heap buffer overflow via vnc connection     [rhel-6.10])

  - Resolves: bz#1447545 (CVE-2016-9603 qemu-kvm-rhev: Qemu:
    cirrus: heap buffer overflow via vnc connection     [rhel-6.10])

Security Fix(es) :

  - An industry-wide issue was found in the way many modern     microprocessor designs have implemented speculative     execution of Load &amp; Store instructions (a commonly     used performance optimization). It relies on the     presence of a precisely-defined instruction sequence in     the privileged code as well as the fact that memory read     from address to which a recent memory write has occurred     may see an older value and subsequently cause an update     into the microprocessor's data cache even for     speculatively executed instructions that never actually     commit (retire). As a result, an unprivileged attacker     could use this flaw to read privileged memory by     conducting targeted cache side-channel attacks.
    (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

  - QEMU: cirrus: OOB access when updating VGA display     (CVE-2018-7858)

  - QEMU: vga: OOB read access during display update     (CVE-2017-13672)

  - Qemu: Out-of-bounds read in vga_draw_text routine     (CVE-2018-5683)

From Red Hat Security Advisory 2018:2162 :

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

* QEMU: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858; David Buchanan for reporting CVE-2017-13672; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683.

According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - QEMU (aka Quick Emulator), when built with the VGA     display emulator support, allows local guest OS     privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) via vectors     involving display update.(CVE-2017-13672)

  - Use-after-free vulnerability in the sofree function in     slirp/socket.c in QEMU (aka Quick Emulator) allows     attackers to cause a denial of service (QEMU instance     crash) by leveraging failure to properly clear ifq_so     from pending packets.(CVE-2017-13711)

  - VNC server implementation in Quick Emulator (QEMU)     2.11.0 and older was found to be vulnerable to an     unbounded memory allocation issue, as it did not     throttle the framebuffer updates sent to its client. If     the client did not consume these updates, VNC server     allocates growing memory to hold onto this data. A     malicious remote VNC client could use this flaw to     cause DoS to the server host.(CVE-2017-15124)

  - Qemu through 2.10.0 allows remote attackers to cause a     memory leak by triggering slow data-channel read     operations, related to     io/channel-websock.c.(CVE-2017-15268)

  - The vga_draw_text function in Qemu allows local OS     guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address     validation.(CVE-2018-5683)

  - An industry-wide issue was found in the way many modern     microprocessor designs have implemented speculative     execution of Load & Store instructions (a commonly used     performance optimization). It relies on the presence of     a precisely-defined instruction sequence in the     privileged code as well as the fact that memory read     from address to which a recent memory write has     occurred may see an older value and subsequently cause     an update into the microprocessor's data cache even for     speculatively executed instructions that never actually     commit (retire). As a result, an unprivileged attacker     could use this flaw to read privileged memory by     conducting targeted cache side-channel attacks.
    (CVE-2018-3639)

  - Quick Emulator (aka QEMU), when built with the Cirrus     CLGD 54xx VGA Emulator support, allows local guest OS     privileged users to cause a denial of service     (out-of-bounds access and QEMU process crash) by     leveraging incorrect region calculation when updating     VGA display.(CVE-2018-7858)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation.(CVE-2017-13672)

A memory leakage issue was found in the I/O channels websockets implementation of the Quick Emulator (QEMU). It could occur while sending screen updates to a client, which is slow to read and process them further. A privileged guest user could use this flaw to cause a denial of service on the host and/or potentially crash the QEMU process instance on the host.(CVE-2017-15268)

A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service.(CVE-2017-13711 )

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.(CVE-2018-7858)

VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.(CVE-2017-15124)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)

An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS.(CVE-2018-5683)

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ross Lagerwall (Citrix.com) for reporting this issue.

According to the version of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Quick Emulator (aka QEMU), when built with the Cirrus     CLGD 54xx VGA Emulator support, allows local guest OS     privileged users to cause a denial of service     (out-of-bounds access and QEMU process crash) by     leveraging incorrect region calculation when updating     VGA display.(CVE-2018-7858)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the qemu-kvm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - QEMU (aka Quick Emulator), when built with the VGA     display emulator support, allows local guest OS     privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) via vectors     involving display update.(CVE-2017-13672)

  - Use-after-free vulnerability in the sofree function in     slirp/socket.c in QEMU (aka Quick Emulator) allows     attackers to cause a denial of service (QEMU instance     crash) by leveraging failure to properly clear ifq_so     from pending packets.(CVE-2017-13711)

  - VNC server implementation in Quick Emulator (QEMU)     2.11.0 and older was found to be vulnerable to an     unbounded memory allocation issue, as it did not     throttle the framebuffer updates sent to its client. If     the client did not consume these updates, VNC server     allocates growing memory to hold onto this data. A     malicious remote VNC client could use this flaw to     cause DoS to the server host.(CVE-2017-15124)

  - Qemu through 2.10.0 allows remote attackers to cause a     memory leak by triggering slow data-channel read     operations, related to     io/channel-websock.c.(CVE-2017-15268)

  - The vga_draw_text function in Qemu allows local OS     guest privileged users to cause a denial of service     (out-of-bounds read and QEMU process crash) by     leveraging improper memory address     validation.(CVE-2018-5683)

  - Quick Emulator (aka QEMU), when built with the Cirrus     CLGD 54xx VGA Emulator support, allows local guest OS     privileged users to cause a denial of service     (out-of-bounds access and QEMU process crash) by     leveraging incorrect region calculation when updating     VGA display.(CVE-2018-7858)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2017-16845)

Cyrille Chatras discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2018-7550)

Ross Lagerwall discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-7858).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security Fix(es) :

  - QEMU: cirrus: OOB access when updating VGA display     (CVE-2018-7858)

From Red Hat Security Advisory 2018:1416 :

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es) :

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ross Lagerwall (Citrix.com) for reporting this issue.

An update for qemu-kvm-rhev is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security Fix(es) :

* QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550)

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550 and Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858.

Bug Fix(es) :

* In certain Red Hat Virtualization (RHV) guest configurations, virtual pass-through devices could not be removed properly. A reference count leak in the QEMU emulator has been removed, and the affected devices are now removed reliably. (BZ#1555213)

* Previously, a raw disk image that was using the '--preallocation=full' option in some cases could not be resized. This problem has been fixed and no longer occurs. (BZ#1566587)

* Due to race conditions in the virtio-blk and virtio-scsi services, the QEMU emulator sometimes terminated unexpectedly when shutting down. The race conditions have been removed, and QEMU now exits gracefully. (BZ#1566586)

* Prior to this update, deleting guest snapshots using the RHV GUI in some cases failed due to an incorrect image-seeking algorithm. This update fixes the underlying code, and guest snapshots in RHV can now be deleted successfully. (BZ#1566369)

ID	Name	Product	Family	Severity
122776	SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2019:0582-1)	Nessus	SuSE Local Security Checks	medium
122471	SUSE SLES12 Security Update : qemu (SUSE-SU-2019:0489-1)	Nessus	SuSE Local Security Checks	medium
121067	Juniper Junos Space < 18.3R1 Multiple Vulnerabilities (JSA10917)	Nessus	Junos Local Security Checks	high
111076	CentOS 6 : qemu-kvm (CESA-2018:2162) (Spectre)	Nessus	CentOS Local Security Checks	medium
111023	OracleVM 3.4 : qemu-kvm (OVMSA-2018-0238) (Spectre)	Nessus	OracleVM Local Security Checks	high
111003	Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (Spectre)	Nessus	Scientific Linux Local Security Checks	medium
111000	RHEL 6 : qemu-kvm (RHSA-2018:2162) (Spectre)	Nessus	Red Hat Local Security Checks	medium
110995	Oracle Linux 6 : qemu-kvm (ELSA-2018-2162) (Spectre)	Nessus	Oracle Linux Local Security Checks	medium
110865	EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2018-1201)	Nessus	Huawei Local Security Checks	high
110457	Amazon Linux AMI : qemu-kvm (ALAS-2018-1034) (Spectre)	Nessus	Amazon Linux Local Security Checks	high
110451	Amazon Linux 2 : qemu-kvm (ALAS-2018-1034) (Spectre)	Nessus	Amazon Linux Local Security Checks	high
110249	CentOS 7 : qemu-kvm (CESA-2018:1416)	Nessus	CentOS Local Security Checks	low
110149	EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2018-1145)	Nessus	Huawei Local Security Checks	low
110148	EulerOS 2.0 SP1 : qemu-kvm (EulerOS-SA-2018-1144)	Nessus	Huawei Local Security Checks	high
109894	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : qemu vulnerabilities (USN-3649-1)	Nessus	Ubuntu Local Security Checks	high
109854	Scientific Linux Security Update : qemu-kvm on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	low
109836	RHEL 7 : qemu-kvm (RHSA-2018:1416)	Nessus	Red Hat Local Security Checks	low
109811	Oracle Linux 7 : qemu-kvm (ELSA-2018-1416)	Nessus	Oracle Linux Local Security Checks	low
109755	RHEL 7 : qemu-kvm-rhev (RHSA-2018:1369)	Nessus	Red Hat Local Security Checks	medium

CVE-2018-7858

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins