CVE-2018-19364

Published: Dec 13, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update

mailing-list

x_refsource_MLIST

[qemu-devel] 20181107 [PATCH] 9p: write lock path in v9fs_co_open2()

mailing-list

x_refsource_MLIST

USN-3826-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20181120 CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path

mailing-list

x_refsource_MLIST

[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates

mailing-list

x_refsource_MLIST

FEDORA-2019-88a98ce795

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2019:1074

vendor-advisory

x_refsource_SUSE

DSA-4454

vendor-advisory

x_refsource_DEBIAN

20190531 [SECURITY] [DSA 4454-1] qemu security update

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-19364

Description

Affected Products

References