CVE-2018-19364
MEDIUMQEMU < 3.0.0 - Use-After-Free in 9pfs fid Path Handling
Title source: llmDescription
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html
Mailing List, Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3826-1/
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/11/20/1
Mailing List, Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4454
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/May/76
Scores
CVSS v3
5.5
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-416
Status
published
Products (10)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
debian/debian_linux
8.0
debian/debian_linux
9.0
fedoraproject/fedora
29
opensuse/leap
42.3
qemu/qemu
3.1.0 rc0 (2 CPE variants)
qemu/qemu
< 3.0.0
Published
Dec 13, 2018
Tracked Since
Feb 18, 2026