usn-3978-1
Vulnerability from osv_ubuntu
Published
2019-05-14 17:59
Modified
2026-06-01 07:03
Summary
qemu update
Details

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12130)

Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored in microarchitectural load ports of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12127)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory previously stored in microarchitectural store buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2018-12126)

Kurtis Miller discovered that a buffer overflow existed in QEMU when loading a device tree blob. A local attacker could use this to execute arbitrary code. (CVE-2018-20815)

Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida discovered that uncacheable memory previously stored in microarchitectural buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. (CVE-2019-11091)

It was discovered that a NULL pointer dereference existed in the sun4u power device implementation in QEMU. A local attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-5008)

William Bowling discovered that an information leak existed in the SLiRP networking implementation of QEMU. An attacker could use this to expose sensitive information. (CVE-2019-9824)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2018-12126",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-12127",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-12130",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-20815",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-5008",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9824",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-11091",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "qemu",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-guest-agent",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-keymaps",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-kvm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-arm",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-common",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-mips",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-misc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-ppc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-sparc",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-system-x86",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-user",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-user-static",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          },
          {
            "binary_name": "qemu-utils",
            "binary_version": "2.0.0+dfsg-2ubuntu1.46"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "qemu",
        "purl": "pkg:deb/ubuntu/qemu@2.0.0+dfsg-2ubuntu1.46?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0+dfsg-2ubuntu1.46"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5.0+dfsg-3ubuntu5",
        "1.5.0+dfsg-3ubuntu6",
        "1.6.0+dfsg-2ubuntu1",
        "1.6.0+dfsg-2ubuntu2",
        "1.6.0+dfsg-2ubuntu3",
        "1.6.0+dfsg-2ubuntu4",
        "1.7.0+dfsg-2ubuntu1",
        "1.7.0+dfsg-2ubuntu2",
        "1.7.0+dfsg-2ubuntu3",
        "1.7.0+dfsg-2ubuntu4",
        "1.7.0+dfsg-2ubuntu5",
        "1.7.0+dfsg-2ubuntu7",
        "1.7.0+dfsg-2ubuntu8",
        "1.7.0+dfsg-2ubuntu9",
        "1.7.0+dfsg-3ubuntu1~ppa1",
        "1.7.0+dfsg-3ubuntu1",
        "1.7.0+dfsg-3ubuntu2",
        "1.7.0+dfsg-3ubuntu3",
        "1.7.0+dfsg-3ubuntu4",
        "1.7.0+dfsg-3ubuntu5",
        "1.7.0+dfsg-3ubuntu6",
        "1.7.0+dfsg-3ubuntu7",
        "2.0.0~rc1+dfsg-0ubuntu1",
        "2.0.0~rc1+dfsg-0ubuntu2",
        "2.0.0~rc1+dfsg-0ubuntu3",
        "2.0.0~rc1+dfsg-0ubuntu3.1",
        "2.0.0+dfsg-2ubuntu1",
        "2.0.0+dfsg-2ubuntu1.1",
        "2.0.0+dfsg-2ubuntu1.2",
        "2.0.0+dfsg-2ubuntu1.3",
        "2.0.0+dfsg-2ubuntu1.5",
        "2.0.0+dfsg-2ubuntu1.6",
        "2.0.0+dfsg-2ubuntu1.7",
        "2.0.0+dfsg-2ubuntu1.8",
        "2.0.0+dfsg-2ubuntu1.9",
        "2.0.0+dfsg-2ubuntu1.10",
        "2.0.0+dfsg-2ubuntu1.11",
        "2.0.0+dfsg-2ubuntu1.13",
        "2.0.0+dfsg-2ubuntu1.14",
        "2.0.0+dfsg-2ubuntu1.15",
        "2.0.0+dfsg-2ubuntu1.16",
        "2.0.0+dfsg-2ubuntu1.17",
        "2.0.0+dfsg-2ubuntu1.18",
        "2.0.0+dfsg-2ubuntu1.19",
        "2.0.0+dfsg-2ubuntu1.20",
        "2.0.0+dfsg-2ubuntu1.21",
        "2.0.0+dfsg-2ubuntu1.22",
        "2.0.0+dfsg-2ubuntu1.24",
        "2.0.0+dfsg-2ubuntu1.25",
        "2.0.0+dfsg-2ubuntu1.26",
        "2.0.0+dfsg-2ubuntu1.27",
        "2.0.0+dfsg-2ubuntu1.28",
        "2.0.0+dfsg-2ubuntu1.29",
        "2.0.0+dfsg-2ubuntu1.30",
        "2.0.0+dfsg-2ubuntu1.31",
        "2.0.0+dfsg-2ubuntu1.32",
        "2.0.0+dfsg-2ubuntu1.33",
        "2.0.0+dfsg-2ubuntu1.34",
        "2.0.0+dfsg-2ubuntu1.35",
        "2.0.0+dfsg-2ubuntu1.36",
        "2.0.0+dfsg-2ubuntu1.38",
        "2.0.0+dfsg-2ubuntu1.39",
        "2.0.0+dfsg-2ubuntu1.40",
        "2.0.0+dfsg-2ubuntu1.41",
        "2.0.0+dfsg-2ubuntu1.42",
        "2.0.0+dfsg-2ubuntu1.43",
        "2.0.0+dfsg-2ubuntu1.44",
        "2.0.0+dfsg-2ubuntu1.45"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2018-12126",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-12127",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-12130",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-20815",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9824",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-11091",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "qemu",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-kvm",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-aarch64",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-common",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-user",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-user-static",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          },
          {
            "binary_name": "qemu-utils",
            "binary_version": "1:2.5+dfsg-5ubuntu10.38"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "qemu",
        "purl": "pkg:deb/ubuntu/qemu@1:2.5+dfsg-5ubuntu10.38?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.5+dfsg-5ubuntu10.38"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1:2.3+dfsg-5ubuntu9",
        "1:2.3+dfsg-5ubuntu10",
        "1:2.4+dfsg-4ubuntu1",
        "1:2.4+dfsg-4ubuntu2",
        "1:2.4+dfsg-4ubuntu3",
        "1:2.4+dfsg-5ubuntu3",
        "1:2.5+dfsg-1ubuntu2",
        "1:2.5+dfsg-1ubuntu3",
        "1:2.5+dfsg-1ubuntu4",
        "1:2.5+dfsg-1ubuntu5",
        "1:2.5+dfsg-5ubuntu1",
        "1:2.5+dfsg-5ubuntu2",
        "1:2.5+dfsg-5ubuntu4",
        "1:2.5+dfsg-5ubuntu6",
        "1:2.5+dfsg-5ubuntu7",
        "1:2.5+dfsg-5ubuntu10",
        "1:2.5+dfsg-5ubuntu10.1",
        "1:2.5+dfsg-5ubuntu10.2",
        "1:2.5+dfsg-5ubuntu10.3",
        "1:2.5+dfsg-5ubuntu10.4",
        "1:2.5+dfsg-5ubuntu10.5",
        "1:2.5+dfsg-5ubuntu10.6",
        "1:2.5+dfsg-5ubuntu10.7",
        "1:2.5+dfsg-5ubuntu10.8",
        "1:2.5+dfsg-5ubuntu10.9",
        "1:2.5+dfsg-5ubuntu10.10",
        "1:2.5+dfsg-5ubuntu10.11",
        "1:2.5+dfsg-5ubuntu10.13",
        "1:2.5+dfsg-5ubuntu10.14",
        "1:2.5+dfsg-5ubuntu10.15",
        "1:2.5+dfsg-5ubuntu10.16",
        "1:2.5+dfsg-5ubuntu10.20",
        "1:2.5+dfsg-5ubuntu10.21",
        "1:2.5+dfsg-5ubuntu10.22",
        "1:2.5+dfsg-5ubuntu10.24",
        "1:2.5+dfsg-5ubuntu10.25",
        "1:2.5+dfsg-5ubuntu10.26",
        "1:2.5+dfsg-5ubuntu10.28",
        "1:2.5+dfsg-5ubuntu10.29",
        "1:2.5+dfsg-5ubuntu10.30",
        "1:2.5+dfsg-5ubuntu10.31",
        "1:2.5+dfsg-5ubuntu10.32",
        "1:2.5+dfsg-5ubuntu10.33",
        "1:2.5+dfsg-5ubuntu10.34",
        "1:2.5+dfsg-5ubuntu10.35",
        "1:2.5+dfsg-5ubuntu10.36",
        "1:2.5+dfsg-5ubuntu10.37"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2018-12126",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-12127",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-12130",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-20815",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-9824",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-11091",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "qemu",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-block-extra",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-guest-agent",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-kvm",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-arm",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-common",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-mips",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-misc",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-ppc",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-s390x",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-sparc",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-system-x86",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-user",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-user-binfmt",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-user-static",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          },
          {
            "binary_name": "qemu-utils",
            "binary_version": "1:2.11+dfsg-1ubuntu7.13"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:18.04:LTS",
        "name": "qemu",
        "purl": "pkg:deb/ubuntu/qemu@1:2.11+dfsg-1ubuntu7.13?arch=source\u0026distro=bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.11+dfsg-1ubuntu7.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1:2.10+dfsg-0ubuntu3",
        "1:2.10+dfsg-0ubuntu4",
        "1:2.10+dfsg-0ubuntu5",
        "1:2.11+dfsg-1ubuntu1",
        "1:2.11+dfsg-1ubuntu2",
        "1:2.11+dfsg-1ubuntu4",
        "1:2.11+dfsg-1ubuntu5",
        "1:2.11+dfsg-1ubuntu6",
        "1:2.11+dfsg-1ubuntu7",
        "1:2.11+dfsg-1ubuntu7.1",
        "1:2.11+dfsg-1ubuntu7.2",
        "1:2.11+dfsg-1ubuntu7.3",
        "1:2.11+dfsg-1ubuntu7.4",
        "1:2.11+dfsg-1ubuntu7.5",
        "1:2.11+dfsg-1ubuntu7.6",
        "1:2.11+dfsg-1ubuntu7.7",
        "1:2.11+dfsg-1ubuntu7.8",
        "1:2.11+dfsg-1ubuntu7.9",
        "1:2.11+dfsg-1ubuntu7.10",
        "1:2.11+dfsg-1ubuntu7.12"
      ]
    }
  ],
  "aliases": [],
  "details": "Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan\nHorea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa\nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,\nCristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss\ndiscovered that memory previously stored in microarchitectural fill buffers\nof an Intel CPU core may be exposed to a malicious process that is\nexecuting on the same CPU core. A local attacker could use this to expose\nsensitive information. (CVE-2018-12130)\n\nBrandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan\nvan Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh\nRazavi, Herbert Bos, and Cristiano Giuffrida discovered that memory\npreviously stored in microarchitectural load ports of an Intel CPU core may\nbe exposed to a malicious process that is executing on the same CPU core. A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-12127)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel\nMoghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel\nGruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory\npreviously stored in microarchitectural store buffers of an Intel CPU core\nmay be exposed to a malicious process that is executing on the same CPU\ncore. A local attacker could use this to expose sensitive information.\n(CVE-2018-12126)\n\nKurtis Miller discovered that a buffer overflow existed in QEMU when\nloading a device tree blob. A local attacker could use this to execute\narbitrary code. (CVE-2018-20815)\n\nKe Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur,\nMoritz Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa\nMilburn, Sebastian \u00d6sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and\nCristiano Giuffrida discovered that uncacheable memory previously stored in\nmicroarchitectural buffers of an Intel CPU core may be exposed to a\nmalicious process that is executing on the same CPU core. A local attacker\ncould use this to expose sensitive information. (CVE-2019-11091)\n\nIt was discovered that a NULL pointer dereference existed in the sun4u\npower device implementation in QEMU. A local attacker could use this\nto cause a denial of service. This issue only affected Ubuntu 18.10\nand Ubuntu 19.04. (CVE-2019-5008)\n\nWilliam Bowling discovered that an information leak existed in the SLiRP\nnetworking implementation of QEMU. An attacker could use this to expose\nsensitive information. (CVE-2019-9824)\n",
  "id": "USN-3978-1",
  "modified": "2026-06-01T07:03:49Z",
  "published": "2019-05-14T17:59:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3978-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-12126"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-12127"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-12130"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-20815"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-5008"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-9824"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-11091"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "qemu update",
  "upstream": [
    "UBUNTU-CVE-2018-12126",
    "UBUNTU-CVE-2018-12127",
    "UBUNTU-CVE-2018-12130",
    "UBUNTU-CVE-2018-20815",
    "UBUNTU-CVE-2019-5008",
    "UBUNTU-CVE-2019-9824",
    "UBUNTU-CVE-2019-11091"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…