VDB
RHSA-2018%3A2162
RHSA-2018%3A2162
PUBLISHED
CVSS 5.599999904632568 MEDIUM
Red Hat Security Advisory: qemu-kvm security update
Risk Scores
CVSS 3.0
5.599999904632568
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat:enterprise_linux:6::workstation | qemu-kvm | 0, 0 |
| Red Hat:enterprise_linux:6::workstation | qemu-kvm-debuginfo | 0, 0 |
| Red Hat:enterprise_linux:6::workstation | qemu-img | 0, 0 |
| Red Hat:enterprise_linux:6::server | qemu-kvm | 0, 0 |
| Red Hat:enterprise_linux:6::computenode | qemu-guest-agent | 0, 0 |
| Red Hat:enterprise_linux:6::computenode | qemu-kvm-debuginfo | 0, 0 |
| Red Hat:enterprise_linux:6::server | qemu-guest-agent | 0, 0 |
| Red Hat:enterprise_linux:6::client | qemu-kvm-tools | 0, 0 |
| Red Hat:enterprise_linux:6::client | qemu-img | 0, 0 |
| Red Hat:enterprise_linux:6::workstation | qemu-kvm-tools | 0, 0 |
| Red Hat:enterprise_linux:6::computenode | qemu-kvm-tools | 0, 0 |
| Red Hat:enterprise_linux:6::server | qemu-kvm-debuginfo | 0, 0 |
| Red Hat:enterprise_linux:6::computenode | qemu-kvm | 0, 0 |
| Red Hat:enterprise_linux:6::computenode | qemu-img | 0, 0 |
| Red Hat:enterprise_linux:6::server | qemu-img | 0, 0 |
| Red Hat:enterprise_linux:6::server | qemu-kvm-tools | 0, 0 |
| Red Hat:enterprise_linux:6::workstation | qemu-guest-agent | 0, 0 |
| Red Hat:enterprise_linux:6::client | qemu-kvm | 0, 0 |
| Red Hat:enterprise_linux:6::client | qemu-guest-agent | 0, 0 |
| Red Hat:enterprise_linux:6::client | qemu-kvm-debuginfo | 0, 0 |
Exploit Intelligence
- POCs for CVE-2017-13672 (OOB read in VGA Cirrus QEMU driver, causing DoS) (github-poc-repo)
- POCs for CVE-2017-13672 (OOB read in VGA Cirrus QEMU driver, causing DoS) (github-poc-repo)
- spectre v4 : Speculative Store Bypass (CVE-2018-3639) proof of concept for Linux (github-poc-repo)
- spectre v4 : Speculative Store Bypass (CVE-2018-3639) proof of concept for Linux (github-poc-repo)
- SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4) (github-poc-repo)
- SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4) (github-poc-repo)
- Speculative Store Bypass (CVE-2018-3639) proof of concept for Linux (github-poc-repo)
- Speculative Store Bypass (CVE-2018-3639) proof of concept for Linux (github-poc-repo)
- spectre v4 : Speculative Store Bypass (CVE-2018-3639) proof of concept for Linux (github-poc)
- spectre v4 : Speculative Store Bypass (CVE-2018-3639) proof of concept for Linux (github-poc)
…and 6 more exploits
Timeline
- Jul 10, 2018 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2018:2162 advisory
- https://access.redhat.com/security/updates/classification/#important article
- https://access.redhat.com/security/vulnerabilities/ssbd article
- https://bugzilla.redhat.com/show_bug.cgi?id=1486560 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1530356 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1553402 report
- https://bugzilla.redhat.com/show_bug.cgi?id=1566890 report
- https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2162.json advisory
- https://access.redhat.com/security/cve/CVE-2017-13672 report
- https://www.cve.org/CVERecord?id=CVE-2017-13672 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-13672 advisory
- https://access.redhat.com/security/cve/CVE-2018-3639 report
- https://www.cve.org/CVERecord?id=CVE-2018-3639 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-3639 advisory
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1528 article
- https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf article
- https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf article
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html article
- https://access.redhat.com/security/cve/CVE-2018-5683 report
- https://www.cve.org/CVERecord?id=CVE-2018-5683 advisory
…and 4 more