CVE-2018-20815

Published: 31 December 2018

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

From the Ubuntu security team

Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Released (91:3.1+dfsg-7)
Ubuntu 21.04 (Hirsute Hippo) Released (1:3.1+dfsg-2ubuntu4)
Ubuntu 20.04 LTS (Focal Fossa) Released (1:3.1+dfsg-2ubuntu4)
Ubuntu 18.04 LTS (Bionic Beaver) Released (1:2.11+dfsg-1ubuntu7.13)
Ubuntu 16.04 ESM (Xenial Xerus) Released (1:2.5+dfsg-5ubuntu10.38)
Ubuntu 14.04 ESM (Trusty Tahr) Released (2.0.0+dfsg-2ubuntu1.46)
Patches:
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist