Launchpad CVE tracker

CVE 2018-5683

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Related bugs and status

CVE-2018-5683 (Candidate) is related to these bugs:

Bug #1752761: framebuf STOP BSOD and performance regression ubuntu10.21 to ubuntu10.22

		In	Importance	Status
1752761	framebuf STOP BSOD and performance regression ubuntu10.21 to ubuntu10.22	qemu (Ubuntu)	Undecided	Invalid
1752761	framebuf STOP BSOD and performance regression ubuntu10.21 to ubuntu10.22	qemu (Ubuntu Xenial)	High	Fix Released
1752761	framebuf STOP BSOD and performance regression ubuntu10.21 to ubuntu10.22	qemu (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [Qemu-devel] 20180112 ...
MLIST: [oss-security] 2018011...
BID: 102518
UBUNTU: USN-3575-1
REDHAT: RHSA-2018:0816
REDHAT: RHSA-2018:1104
DEBIAN: DSA-4213
REDHAT: RHSA-2018:2162
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2018-5683

Related bugs and status

Related bugs

References