CVE-2018-20123

NameCVE-2018-20123
Descriptionpvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs916442

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)jessie1:2.1+dfsg-12+deb8u6fixed
jessie (security)1:2.1+dfsg-12+deb8u12fixed
stretch (security), stretch1:2.8+dfsg-6+deb9u8fixed
buster1:3.1+dfsg-8~deb10u1vulnerable
buster (security)1:3.1+dfsg-8+deb10u2vulnerable
bullseye, sid1:4.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusource(unstable)1:4.1-1unimportant916442
qemusourcejessie(not affected)
qemusourcestretch(not affected)
qemu-kvmsource(unstable)(unfixed)

Notes

[stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
PVRDMA support not enabled until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4, and
applied patch in 1:3.1+dfsg-3 reverted.

Search for package or bug name: Reporting problems