BID:106298

QEMU 'hw/rdma/vmw/pvrdma_cmd.c' Multiple Local Denial of Service Vulnerabilities

CVE-2018-20125 | CVE-2018-20126 |

Info

QEMU 'hw/rdma/vmw/pvrdma_cmd.c' Multiple Local Denial of Service Vulnerabilities

Bugtraq ID:	106298
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-20125 CVE-2018-20126
Remote:	No
Local:	Yes
Published:	Dec 19 2018 12:00AM
Updated:	Dec 19 2018 12:00AM
Credit:	Li Qiang
Vulnerable:	QEMU QEMU 0

Not Vulnerable:

Discussion

QEMU 'hw/rdma/vmw/pvrdma_cmd.c' Multiple Local Denial of Service Vulnerabilities

QEMU is prone to multiple denial-of-service vulnerabilities.

Attackers can exploit these issues cause a denial-of-service condition, denying service to legitimate users.

Exploit / POC

QEMU 'hw/rdma/vmw/pvrdma_cmd.c' Multiple Local Denial of Service Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

QEMU 'hw/rdma/vmw/pvrdma_cmd.c' Multiple Local Denial of Service Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

QEMU 'hw/rdma/vmw/pvrdma_cmd.c' Multiple Local Denial of Service Vulnerabilities

References:

QEMU Homepage (QEMU)
[Qemu-devel] [PATCH v2 3/6] pvrdma: check number of pages when creating (GNU)
[Qemu-devel] [PATCH v2 4/6] pvrdma: release ring object (GNU)
Bug 1660747 CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory (Redhat)
Bug 1660751 CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp (Redhat)
CVE-2018-20125 (Redhat)
CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory (Openwall)
CVE-2018-20126 (Redhat)
CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp (Openwall)