Bugzilla – Bug 1083292
VUL-0: CVE-2018-7550 xen: i386: multiboot OOB access while loading kernel image
Last modified: 2018-05-18 15:58:25 UTC
+++ This bug was initially created as a clone of Bug #1083291 +++ Quick Emulator(QEMU) built with the PC System Emulator with multiboot feature support is vulnerable to an OOB r/w memory access issue. It could occur while loading a kernel image during a guest boot if muliboot head addresses mh_load_end_addr was greater than mh_bss_end_addr. A user/process could use this flaw to potentially achieve arbitrary code execution on a host. Patch: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html SLE 11 SP{34} affected according to the code. References: https://bugzilla.redhat.com/show_bug.cgi?id=1549798 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7550
Patches for this bug have been submitted for the following distros, SUSE:SLE-11-SP3:Update SUSE:SLE-11-SP3:Update:Teradata SUSE:SLE-11-SP4:Update SUSE:SLE-12:Update SUSE:SLE-12-SP1:Update
SUSE-SU-2018:1177-1: An update that solves four vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 1027519,1057493,1072834,1083292,1086107,1089152,1089635,1090820,1090822,1090823 CVE References: CVE-2018-10471,CVE-2018-10472,CVE-2018-7550,CVE-2018-8897 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): xen-4.4.4_30-22.65.1
SUSE-SU-2018:1181-1: An update that solves four vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1027519,1035442,1057493,1072834,1083292,1086107,1089152,1089635,1090820,1090822,1090823 CVE References: CVE-2018-10471,CVE-2018-10472,CVE-2018-7550,CVE-2018-8897 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): xen-4.4.4_30-61.26.1 SUSE Linux Enterprise Server 11-SP4 (src): xen-4.4.4_30-61.26.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): xen-4.4.4_30-61.26.1
SUSE-SU-2018:1202-1: An update that solves four vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 1027519,1083292,1089152,1089635,1090820,1090822,1090823 CVE References: CVE-2018-10471,CVE-2018-10472,CVE-2018-7550,CVE-2018-8897 Sources used: SUSE OpenStack Cloud 6 (src): xen-4.5.5_24-22.46.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): xen-4.5.5_24-22.46.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): xen-4.5.5_24-22.46.1
SUSE-SU-2018:1203-1: An update that solves four vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1083292,1089152,1089635,1090820,1090822,1090823 CVE References: CVE-2018-10471,CVE-2018-10472,CVE-2018-7550,CVE-2018-8897 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): xen-4.2.5_21-45.22.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): xen-4.2.5_21-45.22.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): xen-4.2.5_21-45.22.1
released