{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-09T03:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20180828 CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"}, {"name": "[qemu-devel] 20180822 [PATCH v4 4/4] seccomp: set the seccomp filter to all threads", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"}, {"name": "RHSA-2019:2425", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2425"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15746", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20180828 CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"}, {"name": "[qemu-devel] 20180822 [PATCH v4 4/4] seccomp: set the seccomp filter to all threads", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"}, {"name": "RHSA-2019:2425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2425"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:01:54.539Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20180828 CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"}, {"name": "[qemu-devel] 20180822 [PATCH v4 4/4] seccomp: set the seccomp filter to all threads", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"}, {"name": "RHSA-2019:2425", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2425"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15746", "datePublished": "2018-08-29T19:00:00", "dateReserved": "2018-08-23T00:00:00", "dateUpdated": "2024-08-05T10:01:54.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "02BA5FF1-C9FB-4F3F-BA74-5BBC9B7FA9EC", "versionEndIncluding": "3.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread."}, {"lang": "es", "value": "qemu-seccomp.c en QEMU podr\u00eda permitir que usuarios locales del sistema operativo provoquen una denegaci\u00f3n de servicio (cierre inesperado del guest) aprovechando la gesti\u00f3n incorrecta de la pol\u00edtica seccomp para hilos diferentes al principal."}], "id": "CVE-2018-15746", "lastModified": "2024-11-21T03:51:23.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-29T19:29:00.670", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2425"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jann Horn (Google.com) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3906", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-10:1.5.3-175.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:3907", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "qemu-kvm-ma-10:2.12.0-48.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2019:2425", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2019-08-09T00:00:00Z"}, {"advisory": "RHSA-2019:2425", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-08-09T00:00:00Z"}, {"advisory": "RHSA-2019:2425", "cpe": "cpe:/a:redhat:openstack:14::el7", "package": "qemu-kvm-rhev-10:2.12.0-33.el7", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-08-09T00:00:00Z"}, {"advisory": "RHSA-2020:3267", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qemu-kvm-rhev-10:2.12.0-48.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2020-08-03T00:00:00Z"}, {"advisory": "RHSA-2020:3267", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "package": "qemu-kvm-rhev-10:2.12.0-48.el7", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2020-08-03T00:00:00Z"}], "bugzilla": {"description": "QEMU: seccomp: blacklist is not applied to all threads", "id": "1615637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615637"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "status": "verified"}, "cwe": "CWE-184", "details": ["qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread."], "name": "CVE-2018-15746", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Affected", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "qemu-kvm-rhev", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2018-08-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-15746\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15746"], "threat_severity": "Low"}