CVE-2018-7550

moderate-risk
Published 2018-03-01

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

Do I need to act?

-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
LOCAL / LOW complexity

Affected Products (18)

Affected Vendors

Debian Redhat Canonical Qemu

References (22)

Third Party Advisory http://www.securityfocus.com/bid/103181
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1369
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2462
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1549798
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-...
Mailing List https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
Mailing List https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
Mailing List https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
Third Party Advisory https://usn.ubuntu.com/3649-1/
Third Party Advisory https://www.debian.org/security/2018/dsa-4213
Third Party Advisory http://www.securityfocus.com/bid/103181
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1369
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2462
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1549798
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-...
Mailing List https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
Mailing List https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
Mailing List https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
and 2 more references
46
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate