Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qemu | Qemu | * | 2.10.2 (including) |
Red Hat Enterprise Linux 7 | RedHat | qemu-kvm-10:1.5.3-141.el7_4.4 | * |
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Red Hat OpenStack Platform 10.0 (Newton) | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Red Hat OpenStack Platform 11.0 (Ocata) | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Red Hat OpenStack Platform 8.0 (Liberty) | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Red Hat OpenStack Platform 9.0 (Mitaka) | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | qemu-kvm-rhev-10:2.9.0-16.el7_4.11 | * |
Qemu | Ubuntu | esm-infra-legacy/trusty | * |
Qemu | Ubuntu | esm-infra/xenial | * |
Qemu | Ubuntu | trusty | * |
Qemu | Ubuntu | trusty/esm | * |
Qemu | Ubuntu | xenial | * |
Qemu | Ubuntu | zesty | * |
Qemu-kvm | Ubuntu | precise/esm | * |