UBUNTU-CVE-2018-18954

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2018-18954
Downstream
USN-3826-1
Published: 15 Nov 2018, 00:00
Last modified:04 Feb 2026, 04:13

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Nov 2018, 00:00
Published
Vulnerability first disclosed
04 Feb 2026, 04:13
Last Modified
Vulnerability information updated

Description

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

CVSS Metrics

  • v3.0MEDIUMScore: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Systems

  • ubuntuqemu

    < 1:2.11+dfsg-1ubuntu7.8

References (4)