The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
The product reads data past the end, or before the beginning, of the intended buffer.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qemu | Qemu | * | 2.11.1 (including) |
Red Hat Enterprise Linux 6 | RedHat | qemu-kvm-2:0.12.1.2-2.506.el6_10.1 | * |
Red Hat Enterprise Linux 7 | RedHat | qemu-kvm-10:1.5.3-156.el7 | * |
Red Hat OpenStack Platform 10.0 (Newton) | RedHat | qemu-kvm-rhev-10:2.10.0-21.el7 | * |
Red Hat OpenStack Platform 11.0 (Ocata) | RedHat | qemu-kvm-rhev-10:2.10.0-21.el7 | * |
Red Hat OpenStack Platform 12.0 (Pike) | RedHat | qemu-kvm-rhev-10:2.10.0-21.el7 | * |
Red Hat OpenStack Platform 8.0 (Liberty) | RedHat | qemu-kvm-rhev-10:2.10.0-21.el7 | * |
Red Hat OpenStack Platform 9.0 (Mitaka) | RedHat | qemu-kvm-rhev-10:2.10.0-21.el7 | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | qemu-kvm-rhev-10:2.10.0-21.el7 | * |
Qemu | Ubuntu | artful | * |
Qemu | Ubuntu | bionic | * |
Qemu | Ubuntu | cosmic | * |
Qemu | Ubuntu | devel | * |
Qemu | Ubuntu | disco | * |
Qemu | Ubuntu | eoan | * |
Qemu | Ubuntu | esm-infra-legacy/trusty | * |
Qemu | Ubuntu | esm-infra/bionic | * |
Qemu | Ubuntu | esm-infra/focal | * |
Qemu | Ubuntu | esm-infra/xenial | * |
Qemu | Ubuntu | focal | * |
Qemu | Ubuntu | groovy | * |
Qemu | Ubuntu | hirsute | * |
Qemu | Ubuntu | trusty | * |
Qemu | Ubuntu | trusty/esm | * |
Qemu | Ubuntu | xenial | * |
Qemu-kvm | Ubuntu | precise/esm | * |