CVE 2018-20815
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
Related bugs and status
CVE-2018-20815 (Candidate) is related to these bugs:
Bug #1782206: KVM enable SnowRidge Accelerator Interfacing Architecture (AIA)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1782206 | KVM enable SnowRidge Accelerator Interfacing Architecture (AIA) | xen (Ubuntu) | Wishlist | Incomplete | ||
| 1782206 | KVM enable SnowRidge Accelerator Interfacing Architecture (AIA) | qemu (Ubuntu) | Wishlist | Fix Released | ||
| 1782206 | KVM enable SnowRidge Accelerator Interfacing Architecture (AIA) | linux (Ubuntu) | Wishlist | Triaged | ||
Bug #1812822: Guest crashed when detaching the ovs interface device
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1812822 | Guest crashed when detaching the ovs interface device | Ubuntu on IBM z Systems | Medium | Fix Released | ||
| 1812822 | Guest crashed when detaching the ovs interface device | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1812822 | Guest crashed when detaching the ovs interface device | linux (Ubuntu) | Undecided | Invalid | ||
Bug #1828038: [19.10 FEAT] Update hardware CPU Model z14
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1828038 | [19.10 FEAT] Update hardware CPU Model z14 | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1828038 | [19.10 FEAT] Update hardware CPU Model z14 | Ubuntu on IBM z Systems | High | Fix Released | ||
Bug #1829380: race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu (fix regression)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1829380 | race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu (fix regression) | qemu (Ubuntu) | Undecided | Invalid | ||
| 1829380 | race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu (fix regression) | qemu (Ubuntu Xenial) | Medium | Fix Released | ||
| 1829380 | race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu (fix regression) | Ubuntu Cloud Archive | Undecided | Invalid | ||
| 1829380 | race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu (fix regression) | Ubuntu Cloud Archive mitaka | Medium | Fix Released | ||
| 1829380 | race condition between vhost_net_stop and CHR_EVENT_CLOSED on shutdown crashes qemu (fix regression) | Ubuntu Cloud Archive ocata | Medium | Fix Released | ||
Bug #1830238: [19.10 FEAT] zKVM: Add hardware CPU Model - qemu part
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1830238 | [19.10 FEAT] zKVM: Add hardware CPU Model - qemu part | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1830238 | [19.10 FEAT] zKVM: Add hardware CPU Model - qemu part | Ubuntu on IBM z Systems | High | Fix Released | ||
Bug #1830243: [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | Ubuntu on IBM z Systems | High | Fix Released | ||
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | qemu (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | qemu (Ubuntu Eoan) | Undecided | Fix Released | ||
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | qemu (Ubuntu Xenial) | Undecided | Fix Released | ||
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | qemu (Ubuntu Disco) | Undecided | Fix Released | ||
| 1830243 | [19.10 FEAT] KVM: Secure Linux Boot Toleration - qemu | qemu (Ubuntu Cosmic) | Undecided | Won't Fix | ||
Bug #1832622: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3)
Bug #1834113: QEMU touchpad input erratic after wakeup from sleep
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1834113 | QEMU touchpad input erratic after wakeup from sleep | qemu (Ubuntu) | Low | Expired | ||
| 1834113 | QEMU touchpad input erratic after wakeup from sleep | QEMU | Undecided | Expired | ||
| 1834113 | QEMU touchpad input erratic after wakeup from sleep | libvirt (Ubuntu) | Low | Expired | ||
Bug #1847806: eoan: ppc64el install on pseries-eoan VM fails to install
Bug #1852744: [20.04 FEAT] zKVM: Crypto Passthrough Interrupt Support - qemu part
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1852744 | [20.04 FEAT] zKVM: Crypto Passthrough Interrupt Support - qemu part | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1852744 | [20.04 FEAT] zKVM: Crypto Passthrough Interrupt Support - qemu part | Ubuntu on IBM z Systems | High | Fix Released | ||
Bug #1857033: qemu kvm add Cooper Lake cpu model
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1857033 | qemu kvm add Cooper Lake cpu model | qemu (Ubuntu) | Undecided | Fix Released | ||
Bug #1859527: vring_get_region_caches: Assertion `caches != NULL' failed.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1859527 | vring_get_region_caches: Assertion `caches != NULL' failed. | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1859527 | vring_get_region_caches: Assertion `caches != NULL' failed. | qemu (Ubuntu Focal) | Undecided | Fix Released | ||
| 1859527 | vring_get_region_caches: Assertion `caches != NULL' failed. | qemu (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1859527 | vring_get_region_caches: Assertion `caches != NULL' failed. | qemu (Ubuntu Disco) | Undecided | Won't Fix | ||
| 1859527 | vring_get_region_caches: Assertion `caches != NULL' failed. | qemu (Ubuntu Eoan) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
