DEBIAN-CVE-2018-18954

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2018-18954
Downstream
DSA-4454-1
Published: 15 Nov 2018, 20:29
Last modified:28 Apr 2026, 20:19

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
3.0 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Nov 2018, 20:29
Published
Vulnerability first disclosed
28 Apr 2026, 20:19
Last Modified
Vulnerability information updated

Description

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

CVSS Metrics

  • v3.0MEDIUMScore: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • debianqemu

    < 1:3.1+dfsg-1 | < 1:3.1+dfsg-1 | < 1:3.1+dfsg-1 | < 1:3.1+dfsg-1

References (1)