All the vulnerabilites related to QEMU - qemu
cve-2015-7295
Vulnerability from cvelistv5
Published
2015-11-09 16:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/09/18/9 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/82672 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2015/09/18/5 | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150918 Re: CVE request Qemu: net: virtio-net possible remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/18/9"
},
{
"name": "82672",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82672"
},
{
"name": "[oss-security] 20150918 CVE request Qemu: net: virtio-net possible remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/18/5"
},
{
"name": "FEDORA-2015-d8510319c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html"
},
{
"name": "FEDORA-2015-d5c1048b47",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "FEDORA-2015-fca1900745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20150918 Re: CVE request Qemu: net: virtio-net possible remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/18/9"
},
{
"name": "82672",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82672"
},
{
"name": "[oss-security] 20150918 CVE request Qemu: net: virtio-net possible remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/18/5"
},
{
"name": "FEDORA-2015-d8510319c0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html"
},
{
"name": "FEDORA-2015-d5c1048b47",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "FEDORA-2015-fca1900745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7295",
"datePublished": "2015-11-09T16:00:00",
"dateReserved": "2015-09-18T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8112
Vulnerability from cvelistv5
Published
2017-05-02 14:00
Modified
2024-08-05 16:27
Severity ?
EPSS score ?
Summary
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1445621 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/04/26/5 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/98015 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/26/5"
},
{
"name": "98015",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98015"
},
{
"name": "[qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/26/5"
},
{
"name": "98015",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98015"
},
{
"name": "[qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/26/5"
},
{
"name": "98015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98015"
},
{
"name": "[qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8112",
"datePublished": "2017-05-02T14:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:27:22.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7039
Vulnerability from cvelistv5
Published
2020-01-16 22:51
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"
},
{
"name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"
},
{
"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/0"
},
{
"name": "DSA-4616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4616"
},
{
"name": "RHSA-2020:0348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0348"
},
{
"name": "USN-4283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4283-1/"
},
{
"name": "RHSA-2020:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0775"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "GLSA-202005-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-02"
},
{
"name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T23:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"
},
{
"name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"
},
{
"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/0"
},
{
"name": "DSA-4616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4616"
},
{
"name": "RHSA-2020:0348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0348"
},
{
"name": "USN-4283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4283-1/"
},
{
"name": "RHSA-2020:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0775"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "GLSA-202005-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-02"
},
{
"name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"
},
{
"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"
},
{
"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/01/16/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/01/16/2"
},
{
"name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html"
},
{
"name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2090-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html"
},
{
"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/0"
},
{
"name": "DSA-4616",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4616"
},
{
"name": "RHSA-2020:0348",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0348"
},
{
"name": "USN-4283-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4283-1/"
},
{
"name": "RHSA-2020:0775",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0775"
},
{
"name": "openSUSE-SU-2020:0468",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "GLSA-202005-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-02"
},
{
"name": "[debian-lts-announce] 20210209 [SECURITY] [DLA 2551-1] slirp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7039",
"datePublished": "2020-01-16T22:51:40",
"dateReserved": "2020-01-14T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0358
Vulnerability from cvelistv5
Published
2022-08-29 00:00
Modified
2024-08-02 23:25
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | QEMU/virtiofsd |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044863"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0358"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221007-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU/virtiofsd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in qemu v6.2.0-7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 - Improper Check for Dropped Privileges.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044863"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-0358"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221007-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0358",
"datePublished": "2022-08-29T00:00:00",
"dateReserved": "2022-01-25T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5987
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96263 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/02/14/8 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1421995 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201704-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96263"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e"
},
{
"name": "[oss-security] 20170214 CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/14/8"
},
{
"name": "[qemu-devel] 20170213 Re: [Qemu-devel] [PATCH v3 1/4] sd: sdhci: check transfer mode register in multi block transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421995"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96263"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e"
},
{
"name": "[oss-security] 20170214 CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/14/8"
},
{
"name": "[qemu-devel] 20170213 Re: [Qemu-devel] [PATCH v3 1/4] sd: sdhci: check transfer mode register in multi block transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421995"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96263"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=6e86d90352adf6cb08295255220295cf23c4286e",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=6e86d90352adf6cb08295255220295cf23c4286e"
},
{
"name": "[oss-security] 20170214 CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/14/8"
},
{
"name": "[qemu-devel] 20170213 Re: [Qemu-devel] [PATCH v3 1/4] sd: sdhci: check transfer mode register in multi block transfer",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421995",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421995"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5987",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-02-14T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7980
Vulnerability from cvelistv5
Published
2017-07-25 14:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/21/1"
},
{
"name": "RHSA-2017:0982",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "USN-3289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-3289-1"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "97955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97955"
},
{
"name": "102129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102129"
},
{
"name": "RHSA-2017:0984",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "RHSA-2017:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430056"
},
{
"name": "RHSA-2017:0981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "RHSA-2017:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX230138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:0983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/21/1"
},
{
"name": "RHSA-2017:0982",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "USN-3289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-3289-1"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "97955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97955"
},
{
"name": "102129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102129"
},
{
"name": "RHSA-2017:0984",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "RHSA-2017:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430056"
},
{
"name": "RHSA-2017:0981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "RHSA-2017:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX230138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0983",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/21/1"
},
{
"name": "RHSA-2017:0982",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "USN-3289-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-3289-1"
},
{
"name": "RHSA-2017:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "97955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97955"
},
{
"name": "102129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102129"
},
{
"name": "RHSA-2017:0984",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "RHSA-2017:0988",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1430056",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430056"
},
{
"name": "RHSA-2017:0981",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "RHSA-2017:0980",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
},
{
"name": "https://support.citrix.com/article/CTX230138",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX230138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7980",
"datePublished": "2017-07-25T14:00:00",
"dateReserved": "2017-04-20T00:00:00",
"dateUpdated": "2024-08-05T16:19:29.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6836
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92444 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/08/11/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/18/5 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"
},
{
"name": "[oss-security] 20160812 CVE Request Qemu: Information leak in vmxnet3_complete_packet",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/5"
},
{
"name": "[oss-security] 20160817 Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/5"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160811 [PATCH] net: vmxnet: initialise local tx descriptor",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "92444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdda170e50b8af062cf5741e12c4fb5e57a2eacf"
},
{
"name": "[oss-security] 20160812 CVE Request Qemu: Information leak in vmxnet3_complete_packet",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/5"
},
{
"name": "[oss-security] 20160817 Re: CVE Request Qemu: Information leak in vmxnet3_complete_packet",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/5"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160811 [PATCH] net: vmxnet: initialise local tx descriptor",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6836",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-08-17T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25084
Vulnerability from cvelistv5
Published
2020-09-25 04:06
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/16/5 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201009-0005/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/16/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/16/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/09/16/5",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/09/16/5"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25084",
"datePublished": "2020-09-25T04:06:51",
"dateReserved": "2020-09-02T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6351
Vulnerability from cvelistv5
Published
2016-09-07 18:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/07/25/14 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/07/26/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92119 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/14"
},
{
"name": "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11"
},
{
"name": "92119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92119"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cc96677469388bad3d66479379735cf75db069e3"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/14"
},
{
"name": "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11"
},
{
"name": "92119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92119"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6351",
"datePublished": "2016-09-07T18:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2620
Vulnerability from cvelistv5
Published
2018-07-27 19:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0329",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "1037870",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037870"
},
{
"name": "RHSA-2017:0328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:0333",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name": "RHSA-2017:0351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
},
{
"name": "RHSA-2017:0454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-209.html"
},
{
"name": "RHSA-2017:0331",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
},
{
"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name": "RHSA-2017:0396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
},
{
"name": "RHSA-2017:0352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
},
{
"name": "RHSA-2017:0330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name": "RHSA-2017:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"name": "96378",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96378"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220771"
},
{
"name": "GLSA-201703-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201703-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu:",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.8"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0329",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "1037870",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037870"
},
{
"name": "RHSA-2017:0328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:0333",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name": "RHSA-2017:0351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
},
{
"name": "RHSA-2017:0454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://xenbits.xen.org/xsa/advisory-209.html"
},
{
"name": "RHSA-2017:0331",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
},
{
"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name": "RHSA-2017:0396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
},
{
"name": "RHSA-2017:0352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
},
{
"name": "RHSA-2017:0330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name": "RHSA-2017:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"name": "96378",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96378"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220771"
},
{
"name": "GLSA-201703-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201703-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu:",
"version": {
"version_data": [
{
"version_value": "2.8"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0329",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name": "RHSA-2017:0334",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "1037870",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037870"
},
{
"name": "RHSA-2017:0328",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:0333",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name": "RHSA-2017:0351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
},
{
"name": "RHSA-2017:0454",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-209.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-209.html"
},
{
"name": "RHSA-2017:0331",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
},
{
"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
},
{
"name": "RHSA-2017:0350",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name": "RHSA-2017:0396",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
},
{
"name": "RHSA-2017:0352",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
},
{
"name": "RHSA-2017:0330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name": "RHSA-2017:0332",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"name": "96378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96378"
},
{
"name": "https://support.citrix.com/article/CTX220771",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220771"
},
{
"name": "GLSA-201703-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201703-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2620",
"datePublished": "2018-07-27T19:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7718
Vulnerability from cvelistv5
Published
2017-04-20 17:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:28.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "97957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97957"
},
{
"name": "RHSA-2017:0983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "RHSA-2017:0982",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "RHSA-2017:1431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1431"
},
{
"name": "RHSA-2017:0984",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "RHSA-2017:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/4"
},
{
"name": "RHSA-2017:0981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904"
},
{
"name": "RHSA-2017:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "97957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97957"
},
{
"name": "RHSA-2017:0983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "RHSA-2017:0982",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:1430",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "RHSA-2017:1431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1431"
},
{
"name": "RHSA-2017:0984",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "RHSA-2017:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/4"
},
{
"name": "RHSA-2017:0981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904"
},
{
"name": "RHSA-2017:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97957"
},
{
"name": "RHSA-2017:0983",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "RHSA-2017:0982",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:1430",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1430"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "RHSA-2017:1431",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1431"
},
{
"name": "RHSA-2017:0984",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "RHSA-2017:0988",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/4"
},
{
"name": "RHSA-2017:0981",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=215902d7b6fb50c6fc216fc74f770858278ed904",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=215902d7b6fb50c6fc216fc74f770858278ed904"
},
{
"name": "RHSA-2017:0980",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7718",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2017-04-12T00:00:00",
"dateUpdated": "2024-08-05T16:12:28.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7170
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92904 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=167d97a3def77ee2dbf6e908b0ecbfe2103977db | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/09/7 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/09/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92904"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=167d97a3def77ee2dbf6e908b0ecbfe2103977db"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160908 [PATCH] vmsvga: correct bitmap and pixmap size checks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html"
},
{
"name": "[oss-security] 20160909 Re: CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/7"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160909 CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "92904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92904"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=167d97a3def77ee2dbf6e908b0ecbfe2103977db"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160908 [PATCH] vmsvga: correct bitmap and pixmap size checks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html"
},
{
"name": "[oss-security] 20160909 Re: CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/7"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160909 CVE Request Qemu: vmware_vga: OOB stack memory access when processing svga command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/09/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7170",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-08T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9524
Vulnerability from cvelistv5
Published
2017-07-06 16:00
Modified
2024-08-05 17:11
Severity ?
EPSS score ?
Summary
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1681 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2017/06/12/1 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:1682 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/99011 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3925 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1681",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1681"
},
{
"name": "[oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/12/1"
},
{
"name": "RHSA-2017:1682",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1682"
},
{
"name": "99011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99011"
},
{
"name": "[qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
},
{
"name": "[qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:1681",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1681"
},
{
"name": "[oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/12/1"
},
{
"name": "RHSA-2017:1682",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1682"
},
{
"name": "99011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99011"
},
{
"name": "[qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
},
{
"name": "[qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1681",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1681"
},
{
"name": "[oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/12/1"
},
{
"name": "RHSA-2017:1682",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1682"
},
{
"name": "99011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99011"
},
{
"name": "[qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "DSA-3925",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3925"
},
{
"name": "[qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9524",
"datePublished": "2017-07-06T16:00:00",
"dateReserved": "2017-06-09T00:00:00",
"dateUpdated": "2024-08-05T17:11:01.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19364
Vulnerability from cvelistv5
Published
2018-12-13 19:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2018/11/20/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2019/dsa-4454 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/May/76 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:10.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "[qemu-devel] 20181107 [PATCH] 9p: write lock path in v9fs_co_open2()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181120 CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/20/1"
},
{
"name": "[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T13:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "[qemu-devel] 20181107 [PATCH] 9p: write lock path in v9fs_co_open2()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181120 CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/20/1"
},
{
"name": "[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "[qemu-devel] 20181107 [PATCH] 9p: write lock path in v9fs_co_open2()",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg01139.html"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181120 CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/11/20/1"
},
{
"name": "[qemu-devel] 20181115 [PATCH] 9p: take write lock on fid path updates",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg02795.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19364",
"datePublished": "2018-12-13T19:00:00",
"dateReserved": "2018-11-19T00:00:00",
"dateUpdated": "2024-08-05T11:37:10.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35517
Vulnerability from cvelistv5
Published
2021-01-28 19:13
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1915823 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/01/22/1 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210312-0002/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/22/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T19:06:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915823"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/22/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35517",
"datePublished": "2021-01-28T19:13:54",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8577
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/10/7 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2016/10/10/13 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93473 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161010 CVE request: Qemu: 9pfs: host memory leakage in v9fs_read",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/7"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161010 Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/13"
},
{
"name": "93473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93473"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161010 CVE request: Qemu: 9pfs: host memory leakage in v9fs_read",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/7"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161010 Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/13"
},
{
"name": "93473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93473"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8577",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-10T00:00:00",
"dateUpdated": "2024-08-06T02:27:40.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5579
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/01/24/8 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95780 | vdb-entry, x_refsource_BID | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/25/3 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/8"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95780"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/3"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/24/8"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95780"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/3"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5579",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-01-25T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11334
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-05 18:05
Severity ?
EPSS score ?
Summary
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "[oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/17/4"
},
{
"name": "[qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "99895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99895"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "[oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/17/4"
},
{
"name": "[qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "99895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99895"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638"
},
{
"name": "RHSA-2017:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "[oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/07/17/4"
},
{
"name": "[qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html"
},
{
"name": "RHSA-2017:3474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "99895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99895"
},
{
"name": "RHSA-2017:3466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
},
{
"name": "DSA-3925",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11334",
"datePublished": "2017-08-02T19:00:00",
"dateReserved": "2017-07-14T00:00:00",
"dateUpdated": "2024-08-05T18:05:30.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7840
Vulnerability from cvelistv5
Published
2014-12-12 15:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0624.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08 | x_refsource_CONFIRM | |
| http://thread.gmane.org/gmane.comp.emulators.qemu/306117 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2015-0349.html | vendor-advisory, x_refsource_REDHAT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99194 | vdb-entry, x_refsource_XF | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1163075 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08"
},
{
"name": "[qemu-devel] 20141112 [PATCH 0/4] migration: fix CVE-2014-7840",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/306117"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "qemu-cve20147840-code-exec(99194)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=0be839a2701369f669532ea5884c15bead1c6e08"
},
{
"name": "[qemu-devel] 20141112 [PATCH 0/4] migration: fix CVE-2014-7840",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/306117"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "qemu-cve20147840-code-exec(99194)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163075"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7840",
"datePublished": "2014-12-12T15:00:00",
"dateReserved": "2014-10-03T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8666
Vulnerability from cvelistv5
Published
2017-04-11 19:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/24/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1283722 | x_refsource_CONFIRM | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/79670 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:20.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151224 CVE request Qemu: acpi: heap based buffer overrun during VM migration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/24/1"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283722"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb"
},
{
"name": "79670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79670"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151224 CVE request Qemu: acpi: heap based buffer overrun during VM migration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/24/1"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283722"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb"
},
{
"name": "79670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79670"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8666",
"datePublished": "2017-04-11T19:00:00",
"dateReserved": "2015-12-24T00:00:00",
"dateUpdated": "2024-08-06T08:29:20.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4037
Vulnerability from cvelistv5
Published
2015-08-26 19:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2630-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "SUSE-SU-2015:1152",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"name": "[oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"
},
{
"name": "SUSE-SU-2015:1519",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"name": "FEDORA-2015-9599",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"
},
{
"name": "FEDORA-2015-9601",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"
},
{
"name": "[oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"
},
{
"name": "DSA-3284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "1032547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032547"
},
{
"name": "openSUSE-SU-2015:1965",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
},
{
"name": "74809",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74809"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"
},
{
"name": "[oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"
},
{
"name": "DSA-3285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2630-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "SUSE-SU-2015:1152",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"name": "[oss-security] 20150523 Re: QEMU 2.3.0 tmp vulns CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/23/4"
},
{
"name": "SUSE-SU-2015:1519",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"name": "FEDORA-2015-9599",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html"
},
{
"name": "FEDORA-2015-9601",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html"
},
{
"name": "[oss-security] 20150516 Re: QEMU 2.3.0 tmp vulns CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/16/5"
},
{
"name": "DSA-3284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "1032547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032547"
},
{
"name": "openSUSE-SU-2015:1965",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
},
{
"name": "74809",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74809"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222892"
},
{
"name": "[oss-security] 20150513 QEMU 2.3.0 tmp vulns CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/13/7"
},
{
"name": "DSA-3285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3285"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-4037",
"datePublished": "2015-08-26T19:00:00",
"dateReserved": "2015-05-19T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2538
Vulnerability from cvelistv5
Published
2016-06-16 18:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/83336 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/02/22/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1303120 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83336"
},
{
"name": "[qemu-devel] 20160216 [Qemu-devel] [PATCH 2/2] usb: check RNDIS buffer offsets \u0026 length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160222 CVE request Qemu: usb: integer overflow in remote NDIS control message handling",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/22/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303120"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "83336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83336"
},
{
"name": "[qemu-devel] 20160216 [Qemu-devel] [PATCH 2/2] usb: check RNDIS buffer offsets \u0026 length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160222 CVE request Qemu: usb: integer overflow in remote NDIS control message handling",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/22/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303120"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2538",
"datePublished": "2016-06-16T18:00:00",
"dateReserved": "2016-02-23T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9310
Vulnerability from cvelistv5
Published
2017-06-08 16:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98766 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2017/dsa-3920 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/05/31/1 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452620 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7"
},
{
"name": "98766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98766"
},
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "[oss-security] 20170531 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/31/1"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452620"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7"
},
{
"name": "98766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98766"
},
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "[oss-security] 20170531 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/31/1"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452620"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7"
},
{
"name": "98766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98766"
},
{
"name": "DSA-3920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "[oss-security] 20170531 CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/31/1"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1452620",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452620"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9310",
"datePublished": "2017-06-08T16:00:00",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9603
Vulnerability from cvelistv5
Published
2018-07-27 21:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:02.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96893"
},
{
"name": "RHSA-2017:0983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "RHSA-2017:0982",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "1038023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX221578"
},
{
"name": "RHSA-2017:0985",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0985"
},
{
"name": "RHSA-2017:0987",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0987"
},
{
"name": "RHSA-2017:0984",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name": "RHSA-2017:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
},
{
"name": "RHSA-2017:0981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "RHSA-2017:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu:",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.9"
}
]
}
],
"datePublic": "2017-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "96893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96893"
},
{
"name": "RHSA-2017:0983",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "RHSA-2017:0982",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "1038023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX221578"
},
{
"name": "RHSA-2017:0985",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0985"
},
{
"name": "RHSA-2017:0987",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0987"
},
{
"name": "RHSA-2017:0984",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name": "RHSA-2017:0988",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
},
{
"name": "RHSA-2017:0981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "RHSA-2017:0980",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu:",
"version": {
"version_data": [
{
"version_value": "2.9"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96893"
},
{
"name": "RHSA-2017:0983",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0983"
},
{
"name": "RHSA-2017:0982",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0982"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "RHSA-2017:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "1038023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038023"
},
{
"name": "https://support.citrix.com/article/CTX221578",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX221578"
},
{
"name": "RHSA-2017:0985",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0985"
},
{
"name": "RHSA-2017:0987",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0987"
},
{
"name": "RHSA-2017:0984",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0984"
},
{
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name": "RHSA-2017:0988",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0988"
},
{
"name": "RHSA-2017:1441",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
},
{
"name": "RHSA-2017:0981",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0981"
},
{
"name": "RHSA-2017:0980",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0980"
},
{
"name": "RHSA-2017:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9603",
"datePublished": "2018-07-27T21:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:02.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7422
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/92996 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/09/16/10 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/16/4 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0"
},
{
"name": "[qemu-devel] 20160915 [PATCH] virtio: add check for descriptor\u0027s mapped address",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "92996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92996"
},
{
"name": "[oss-security] 20160916 Re: CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/10"
},
{
"name": "[oss-security] 20160916 CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/4"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0"
},
{
"name": "[qemu-devel] 20160915 [PATCH] virtio: add check for descriptor\u0027s mapped address",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "92996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92996"
},
{
"name": "[oss-security] 20160916 Re: CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/10"
},
{
"name": "[oss-security] 20160916 CVE request Qemu: virtio: null pointer dereference in virtqueu_map_desc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/4"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7422",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9921
Vulnerability from cvelistv5
Published
2016-12-23 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94803 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2016/12/09/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94803"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94803"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9921",
"datePublished": "2016-12-23T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10664
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-05 17:41
Severity ?
EPSS score ?
Summary
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:41:55.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "RHSA-2017:2445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2445"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99513"
},
{
"name": "[qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "[oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/29/1"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466190"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "RHSA-2017:2445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2445"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "99513",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99513"
},
{
"name": "[qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "[oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/29/1"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466190"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "RHSA-2017:2445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2445"
},
{
"name": "RHSA-2017:3473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "99513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99513"
},
{
"name": "[qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html"
},
{
"name": "RHSA-2017:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "[oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/29/1"
},
{
"name": "RHSA-2017:3471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1466190",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466190"
},
{
"name": "RHSA-2017:3466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10664",
"datePublished": "2017-08-02T19:00:00",
"dateReserved": "2017-06-28T00:00:00",
"dateUpdated": "2024-08-05T17:41:55.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3713
Vulnerability from cvelistv5
Published
2021-08-25 18:40
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1994640 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210923-0006/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4980 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994640"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0006/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 6.2.0-rc0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-\u003edata3 and UASDevice-\u003estatus3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:45",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994640"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210923-0006/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 6.2.0-rc0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-\u003edata3 and UASDevice-\u003estatus3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1994640",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994640"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210923-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210923-0006/"
},
{
"name": "DSA-4980",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3713",
"datePublished": "2021-08-25T18:40:48",
"dateReserved": "2021-08-17T00:00:00",
"dateUpdated": "2024-08-03T17:01:08.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36648
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 17:29
Severity ?
EPSS score ?
Summary
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36648",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T17:28:53.375328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T17:29:51.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T22:21:08.483057",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0004/"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36648",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-10-03T17:29:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-17962
Vulnerability from cvelistv5
Published
2018-10-09 22:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/10/08/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4338 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:2892 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180926 [PULL 23/25] pcnet: fix possible buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-24T15:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180926 [PULL 23/25] pcnet: fix possible buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180926 [PULL 23/25] pcnet: fix possible buffer overflow",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2019:2892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17962",
"datePublished": "2018-10-09T22:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3608
Vulnerability from cvelistv5
Published
2022-02-24 18:50
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1973383 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220318-0002/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 6.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 6.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220318-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3608",
"datePublished": "2022-02-24T18:50:20",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-03T17:01:08.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35506
Vulnerability from cvelistv5
Published
2021-05-28 10:20
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/04/16/3 | mailing-list, x_refsource_MLIST | |
| https://www.openwall.com/lists/oss-security/2021/04/16/3 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1909996 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210713-0006/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the \u0027Information Transfer\u0027 command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:14:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 6.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the \u0027Information Transfer\u0027 command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/04/16/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909996"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210713-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35506",
"datePublished": "2021-05-28T10:20:55",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3019
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-11-15 16:25
Severity ?
EPSS score ?
Summary
Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:0135 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0404 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0569 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2135 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-3019 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2222351 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0135"
},
{
"name": "RHSA-2024:0404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0404"
},
{
"name": "RHSA-2024:0569",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0569"
},
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3019"
},
{
"name": "RHBZ#2222351",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231206155326.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231206155326.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231128234847.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231128234847.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020240116113044.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020240116113044.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17:8.2.0-11.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
}
],
"datePublic": "2023-06-01T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:25:40.794Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0135"
},
{
"name": "RHSA-2024:0404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0404"
},
{
"name": "RHSA-2024:0569",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0569"
},
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3019"
},
{
"name": "RHBZ#2222351",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222351"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-01T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3019",
"datePublished": "2023-07-24T15:19:19.804Z",
"dateReserved": "2023-05-31T14:08:11.910Z",
"dateUpdated": "2024-11-15T16:25:40.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18438
Vulnerability from cvelistv5
Published
2018-10-19 22:00
Modified
2024-08-05 11:08
Severity ?
EPSS score ?
Summary
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105953 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2018/10/17/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105953",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105953"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 00/11] chardev: Convert IO handlers to use unsigned type",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html"
},
{
"name": "[oss-security] 20181017 CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/17/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-20T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105953",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105953"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 00/11] chardev: Convert IO handlers to use unsigned type",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html"
},
{
"name": "[oss-security] 20181017 CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/17/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105953"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 00/11] chardev: Convert IO handlers to use unsigned type",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html"
},
{
"name": "[oss-security] 20181017 CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/10/17/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18438",
"datePublished": "2018-10-19T22:00:00",
"dateReserved": "2018-10-17T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13754
Vulnerability from cvelistv5
Published
2020-06-02 13:37
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/06/01/6 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200608-0007/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2020/06/15/8 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4728 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0007/"
},
{
"name": "[oss-security] 20200615 Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/15/8"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0007/"
},
{
"name": "[oss-security] 20200615 Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/15/8"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/06/01/6",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/6"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0007/"
},
{
"name": "[oss-security] 20200615 Re: CVE-2020-13754 QEMU: msix: OOB access during mmio operations may lead to DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/15/8"
},
{
"name": "DSA-4728",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13754",
"datePublished": "2020-06-02T13:37:25",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20808
Vulnerability from cvelistv5
Published
2020-12-31 00:26
Modified
2024-08-05 02:53
Severity ?
EPSS score ?
Summary
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1841136 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210205-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:53:09.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1841136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1841136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1841136",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1841136"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20808",
"datePublished": "2020-12-31T00:26:39",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-05T02:53:09.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6490
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/07/28/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/07/28/9 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160728 CVE Request Qemu: virtio: infinite loop in virtqueue_pop",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/4"
},
{
"name": "[oss-security] 20160728 Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/9"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f"
},
{
"name": "[qemu-devel] 20160726 [PATCH] virtio: check vring descriptor buffer length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160728 CVE Request Qemu: virtio: infinite loop in virtqueue_pop",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/4"
},
{
"name": "[oss-security] 20160728 Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/9"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1e7aed70144b4673fc26e73062064b6724795e5f"
},
{
"name": "[qemu-devel] 20160726 [PATCH] virtio: check vring descriptor buffer length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6490",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-07-28T00:00:00",
"dateUpdated": "2024-08-06T01:29:20.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5525
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/01/18/7 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95671 | vdb-entry, x_refsource_BID | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/17/19 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95671",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95671"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/7"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95671",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95671"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/19"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5525",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-01-18T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8567
Vulnerability from cvelistv5
Published
2017-04-13 17:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1560",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00017.html"
},
{
"name": "79721",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79721"
},
{
"name": "SUSE-SU-2016:1703",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00058.html"
},
{
"name": "openSUSE-SU-2016:0126",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html"
},
{
"name": "USN-2891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2891-1"
},
{
"name": "openSUSE-SU-2016:0123",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html"
},
{
"name": "FEDORA-2016-275e9ff483",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html"
},
{
"name": "FEDORA-2016-42778e8c82",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html"
},
{
"name": "[oss-security] 20151215 Re: CVE request Qemu: net: vmxnet3: host memory leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/10"
},
{
"name": "SUSE-SU-2016:0955",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00002.html"
},
{
"name": "[qemu-devel] 20151215 Re: [Qemu-devel] net: vmxnet3: memory leakage issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html"
},
{
"name": "FEDORA-2016-2c15b72b01",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "SUSE-SU-2016:1318",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00049.html"
},
{
"name": "SUSE-SU-2016:0873",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00087.html"
},
{
"name": "FEDORA-2016-e1784417af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "openSUSE-SU-2016:1750",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2016:1560",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00017.html"
},
{
"name": "79721",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79721"
},
{
"name": "SUSE-SU-2016:1703",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00058.html"
},
{
"name": "openSUSE-SU-2016:0126",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html"
},
{
"name": "USN-2891-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2891-1"
},
{
"name": "openSUSE-SU-2016:0123",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html"
},
{
"name": "FEDORA-2016-275e9ff483",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html"
},
{
"name": "FEDORA-2016-42778e8c82",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html"
},
{
"name": "[oss-security] 20151215 Re: CVE request Qemu: net: vmxnet3: host memory leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/10"
},
{
"name": "SUSE-SU-2016:0955",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00002.html"
},
{
"name": "[qemu-devel] 20151215 Re: [Qemu-devel] net: vmxnet3: memory leakage issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html"
},
{
"name": "FEDORA-2016-2c15b72b01",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "SUSE-SU-2016:1318",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00049.html"
},
{
"name": "SUSE-SU-2016:0873",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00087.html"
},
{
"name": "FEDORA-2016-e1784417af",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "openSUSE-SU-2016:1750",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00003.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8567",
"datePublished": "2017-04-13T17:00:00",
"dateReserved": "2015-12-15T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9718
Vulnerability from cvelistv5
Published
2015-04-21 16:00
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2015/dsa-3259 | vendor-advisory, x_refsource_DEBIAN | |
| http://openwall.com/lists/oss-security/2015/04/20/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/73316 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/04/20/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
},
{
"name": "73316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function\u0027s return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-15T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/04/20/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3251bdcf1c67427d964517053c3d185b46e618e8"
},
{
"name": "73316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73316"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-9718",
"datePublished": "2015-04-21T16:00:00",
"dateReserved": "2015-04-21T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12068
Vulnerability from cvelistv5
Published
2019-09-24 19:59
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html | x_refsource_MISC | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08 | x_refsource_MISC | |
| https://security-tracker.debian.org/tracker/CVE-2019-12068 | x_refsource_MISC | |
| https://usn.ubuntu.com/4191-2/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4191-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.debian.org/security/2020/dsa-4665 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-26T13:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \u0027s-\u003edsp\u0027 index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12068",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12068"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12068",
"datePublished": "2019-09-24T19:59:44",
"dateReserved": "2019-05-13T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4952
Vulnerability from cvelistv5
Published
2016-09-02 14:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/23/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/23/4 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1334384 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/23/1"
},
{
"name": "[oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/23/4"
},
{
"name": "[qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334384"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/23/1"
},
{
"name": "[oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/23/4"
},
{
"name": "[qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334384"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4952",
"datePublished": "2016-09-02T14:00:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9106
Vulnerability from cvelistv5
Published
2016-12-09 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/30/10 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93964 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/10/28/4 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: memory leakage in v9fs_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/10"
},
{
"name": "93964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93964"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: memory leakage in v9fs_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/4"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9"
},
{
"name": "[qemu-devel] 20161012 Re: [PATCH v2] 9pfs: fix memory leak in v9fs_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: memory leakage in v9fs_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/10"
},
{
"name": "93964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93964"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: memory leakage in v9fs_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/4"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9"
},
{
"name": "[qemu-devel] 20161012 Re: [PATCH v2] 9pfs: fix memory leak in v9fs_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9106",
"datePublished": "2016-12-09T22:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4344
Vulnerability from cvelistv5
Published
2013-10-04 17:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/62773 | vdb-entry, x_refsource_BID | |
| http://article.gmane.org/gmane.comp.emulators.qemu/237191 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2013/10/02/2 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/98028 | vdb-entry, x_refsource_OSVDB | |
| http://rhn.redhat.com/errata/RHSA-2013-1754.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1553.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.ubuntu.com/usn/USN-2092-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1281",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "62773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62773"
},
{
"name": "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
},
{
"name": "openSUSE-SU-2014:1279",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
},
{
"name": "98028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98028"
},
{
"name": "RHSA-2013:1754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
},
{
"name": "RHSA-2013:1553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
},
{
"name": "USN-2092-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2092-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2014:1281",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "62773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62773"
},
{
"name": "[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
},
{
"name": "openSUSE-SU-2014:1279",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
},
{
"name": "98028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98028"
},
{
"name": "RHSA-2013:1754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
},
{
"name": "RHSA-2013:1553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
},
{
"name": "USN-2092-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2092-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4344",
"datePublished": "2013-10-04T17:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7994
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93453 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/07/2 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/08/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93453"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161007 CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/2"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160919 Re: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93453"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161007 CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/2"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160919 Re: [PATCH] virtio-gpu: fix memory leak in virtio_gpu_resource_create_2d",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04083.html"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7994",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-11434
Vulnerability from cvelistv5
Published
2017-07-25 18:00
Modified
2024-08-05 18:12
Severity ?
EPSS score ?
Summary
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/99923 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1472611 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/07/19/2 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2017/dsa-3925 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:39.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "99923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99923"
},
{
"name": "[qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472611"
},
{
"name": "[oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/19/2"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "99923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99923"
},
{
"name": "[qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472611"
},
{
"name": "[oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/19/2"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "99923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99923"
},
{
"name": "[qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1472611",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1472611"
},
{
"name": "[oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/07/19/2"
},
{
"name": "DSA-3925",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11434",
"datePublished": "2017-07-25T18:00:00",
"dateReserved": "2017-07-18T00:00:00",
"dateUpdated": "2024-08-05T18:12:39.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4535
Vulnerability from cvelistv5
Published
2020-02-11 15:35
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | x_refsource_MISC | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4 | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1066401 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 1.7.2"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Signedness Error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:35:48",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "before 1.7.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Signedness Error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html",
"refsource": "MISC",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4",
"refsource": "MISC",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=36cf2a37132c7f01fa9adb5f95f5312b27742fd4"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2014-0743.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2014-0744.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4535",
"datePublished": "2020-02-11T15:35:48",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20123
Vulnerability from cvelistv5
Published
2018-12-17 18:00
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106219 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2018/12/13/4 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106219"
},
{
"name": "[oss-security] 20181213 CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/13/4"
},
{
"name": "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T19:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106219"
},
{
"name": "[oss-security] 20181213 CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/13/4"
},
{
"name": "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106219"
},
{
"name": "[oss-security] 20181213 CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/13/4"
},
{
"name": "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20123",
"datePublished": "2018-12-17T18:00:00",
"dateReserved": "2018-12-13T00:00:00",
"dateUpdated": "2024-08-05T11:51:19.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15118
Vulnerability from cvelistv5
Published
2018-07-27 21:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html | x_refsource_MISC | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/101975 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/11/28/8 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/43194/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43194/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11"
}
]
}
],
"datePublic": "2017-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43194/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "2.11"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101975"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/28/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43194/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15118",
"datePublished": "2018-07-27T21:00:00",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:15.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8744
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1270871 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/79821 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/04/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/04/6 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id/1034576 | vdb-entry, x_refsource_SECTRACK | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270871"
},
{
"name": "79821",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79821"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b"
},
{
"name": "[oss-security] 20160104 CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/3"
},
{
"name": "[oss-security] 20160104 Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/6"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "1034576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034576"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270871"
},
{
"name": "79821",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79821"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b"
},
{
"name": "[oss-security] 20160104 CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/3"
},
{
"name": "[oss-security] 20160104 Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/6"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "1034576",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034576"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8744",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27661
Vulnerability from cvelistv5
Published
2021-06-02 15:25
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1890653 | x_refsource_MISC | |
| https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html | x_refsource_MISC | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0010/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1770368.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1770368.html"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210720-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210720-0010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27661",
"datePublished": "2021-06-02T15:25:19",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10028
Vulnerability from cvelistv5
Published
2017-02-27 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037525 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94981 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/20/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/22/14 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31"
},
{
"name": "1037525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037525"
},
{
"name": "94981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94981"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html"
},
{
"name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/1"
},
{
"name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/22/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31"
},
{
"name": "1037525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037525"
},
{
"name": "94981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94981"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html"
},
{
"name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/1"
},
{
"name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/22/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-10028",
"datePublished": "2017-02-27T22:00:00",
"dateReserved": "2016-12-22T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3710
Vulnerability from cvelistv5
Published
2016-05-11 21:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2016:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0999.html"
},
{
"name": "90316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90316"
},
{
"name": "RHSA-2016:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0725.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "RHSA-2016:1002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1002.html"
},
{
"name": "RHSA-2016:1001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1001.html"
},
{
"name": "RHSA-2016:0997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0997.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "1035794",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035794"
},
{
"name": "RHSA-2016:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"name": "RHSA-2016:1019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1019.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160509 CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/3"
},
{
"name": "RHSA-2016:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0724.html"
},
{
"name": "[Qemu-devel] 20160509 [PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html"
},
{
"name": "RHSA-2016:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1224"
},
{
"name": "DSA-3573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the \"Dark Portal\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2016:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0999.html"
},
{
"name": "90316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90316"
},
{
"name": "RHSA-2016:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0725.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "RHSA-2016:1002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1002.html"
},
{
"name": "RHSA-2016:1001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1001.html"
},
{
"name": "RHSA-2016:0997",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0997.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862"
},
{
"name": "1035794",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035794"
},
{
"name": "RHSA-2016:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"name": "RHSA-2016:1019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1019.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160509 CVE-2016-3710 Qemu: vga: out-of-bounds r/w access issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/3"
},
{
"name": "RHSA-2016:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0724.html"
},
{
"name": "[Qemu-devel] 20160509 [PULL 1/5] vga: fix banked access bounds checking (CVE-2016-3710)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01197.html"
},
{
"name": "RHSA-2016:1224",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1224"
},
{
"name": "DSA-3573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3573"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3710",
"datePublished": "2016-05-11T21:00:00",
"dateReserved": "2016-03-30T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25624
Vulnerability from cvelistv5
Published
2020-11-30 06:28
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201210-0005/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:35.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201210-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201210-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201210-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201210-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25624",
"datePublished": "2020-11-30T06:28:17",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:35.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8345
Vulnerability from cvelistv5
Published
2017-04-13 17:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77985 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2015/11/25/11 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77985"
},
{
"name": "[oss-security] 20151125 Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/25/11"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[qemu-devel] 20151016 [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same comman",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77985"
},
{
"name": "[oss-security] 20151125 Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/25/11"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[qemu-devel] 20151016 [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same comman",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77985"
},
{
"name": "[oss-security] 20151125 Re: CVE request Qemu: net: eepro100: infinite loop in processing command block list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/25/11"
},
{
"name": "DSA-3469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[qemu-devel] 20151016 [Qemu-devel] [PATCH] eepro100: prevent an infinite loop over same comman",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html"
},
{
"name": "DSA-3471",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8345",
"datePublished": "2017-04-13T17:00:00",
"dateReserved": "2015-11-25T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13673
Vulnerability from cvelistv5
Published
2017-08-29 16:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/100527 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:1113 | vendor-advisory, x_refsource_REDHAT | |
| https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/09/10/1 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:18.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "100527",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100527"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d"
},
{
"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T00:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "100527",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100527"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d"
},
{
"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "100527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100527"
},
{
"name": "RHSA-2018:1113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bfc56535f793c557aa754c50213fc5f882e6482d"
},
{
"name": "[oss-security] 20170910 Re: CVE-2017-13673 Qemu: vga: reachable assert failure during during display update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/09/10/1"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13673",
"datePublished": "2017-08-29T16:00:00",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-08-05T19:05:18.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7815
Vulnerability from cvelistv5
Published
2014-11-14 15:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/61484 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2015-0624.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/62144 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1157641 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/62143 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2015-0349.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2014/dsa-3067 | vendor-advisory, x_refsource_DEBIAN | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 | x_refsource_CONFIRM | |
| http://support.citrix.com/article/CTX200892 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2409-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-3066 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61484"
},
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "62144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157641"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "62143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62143"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "DSA-3067",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"name": "DSA-3066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-27T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "61484",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61484"
},
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "62144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157641"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "62143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62143"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "DSA-3067",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"name": "DSA-3066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3066"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7815",
"datePublished": "2014-11-14T15:00:00",
"dateReserved": "2014-10-03T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8743
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/04/2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1264929 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1034574 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/79820 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/01/04/1 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160104 Re: CVE request Qemu: net: ne2000: OOB r/w in ioport operations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264929"
},
{
"name": "1034574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034574"
},
{
"name": "79820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79820"
},
{
"name": "[oss-security] 20160104 CVE request Qemu: net: ne2000: OOB r/w in ioport operations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/1"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[qemu-devel] 20160104 Re: [PATCH v3] net: ne2000: fix bounds check in ioport operations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing \u0027ioport\u0027 r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160104 Re: CVE request Qemu: net: ne2000: OOB r/w in ioport operations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264929"
},
{
"name": "1034574",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034574"
},
{
"name": "79820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79820"
},
{
"name": "[oss-security] 20160104 CVE request Qemu: net: ne2000: OOB r/w in ioport operations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/1"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[qemu-devel] 20160104 Re: [PATCH v3] net: ne2000: fix bounds check in ioport operations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8743",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4529
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0927.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4529",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3611
Vulnerability from cvelistv5
Published
2022-05-11 15:23
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1973784 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/issues/542 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220624-0001/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QEMU versions prior to 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:10:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973784"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0001/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3611",
"datePublished": "2022-05-11T15:23:00",
"dateReserved": "2021-06-18T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25743
Vulnerability from cvelistv5
Published
2020-10-06 14:15
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html | x_refsource_MISC | |
| https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/29/1 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1881409 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881409"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T14:15:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881409"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05967.html"
},
{
"name": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b",
"refsource": "MISC",
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1b"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/09/29/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881409",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881409"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25743",
"datePublished": "2020-10-06T14:15:23",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4544
Vulnerability from cvelistv5
Published
2014-05-08 14:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://thread.gmane.org/gmane.comp.emulators.qemu/265562 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8c6c0478996e8f77374e69b6df68655b0b4ba689 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1087513 | x_refsource_CONFIRM | |
| http://www.osvdb.org/106013 | vdb-entry, x_refsource_OSVDB | |
| http://ubuntu.com/usn/usn-2182-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f12d048a523780dbda702027d4a91b62af1a08d7 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=9878d173f574df74bde0ff50b2f81009fbee81bb | x_refsource_CONFIRM | |
| http://secunia.com/advisories/58191 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu] 20140404 [PATCH V2 0/4] CVE-2013-4544",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/265562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8c6c0478996e8f77374e69b6df68655b0b4ba689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087513"
},
{
"name": "106013",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/106013"
},
{
"name": "USN-2182-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2182-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f12d048a523780dbda702027d4a91b62af1a08d7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=9878d173f574df74bde0ff50b2f81009fbee81bb"
},
{
"name": "58191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-08T12:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu] 20140404 [PATCH V2 0/4] CVE-2013-4544",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/265562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8c6c0478996e8f77374e69b6df68655b0b4ba689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087513"
},
{
"name": "106013",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/106013"
},
{
"name": "USN-2182-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2182-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3c99afc779c2c78718a565ad8c5e98de7c2c7484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f12d048a523780dbda702027d4a91b62af1a08d7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=9878d173f574df74bde0ff50b2f81009fbee81bb"
},
{
"name": "58191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58191"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4544",
"datePublished": "2014-05-08T14:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5105
Vulnerability from cvelistv5
Published
2016-09-02 14:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/25/5 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/26/7 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1339583 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:47.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/5"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: initialise local configuration da",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/5"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: initialise local configuration da",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: stack information leakage while reading configuration",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339583"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5105",
"datePublished": "2016-09-02T14:00:00",
"dateReserved": "2016-05-26T00:00:00",
"dateUpdated": "2024-08-06T00:53:47.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8379
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/05/03/2 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/98277 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8379",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2017-04-30T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4453
Vulnerability from cvelistv5
Published
2016-06-01 22:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1336650 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/90928 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/05/30/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:24.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don\u0027t process more than 1024 fifo commands at once",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
},
{
"name": "90928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90928"
},
{
"name": "[oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don\u0027t process more than 1024 fifo commands at once",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336650"
},
{
"name": "90928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90928"
},
{
"name": "[oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4453",
"datePublished": "2016-06-01T22:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:24.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6815
Vulnerability from cvelistv5
Published
2020-01-31 21:38
Modified
2024-08-06 07:29
Severity ?
EPSS score ?
Summary
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0.1"
}
]
}
],
"datePublic": "2015-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:01:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-6815",
"datePublished": "2020-01-31T21:38:47",
"dateReserved": "2015-09-05T00:00:00",
"dateUpdated": "2024-08-06T07:29:24.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2841
Vulnerability from cvelistv5
Published
2016-06-16 18:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/03/02/8 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1303106 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/84028 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:21.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160302 CVE request Qemu: net: ne2000: infinite loop in ne2000_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/02/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106"
},
{
"name": "84028",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84028"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160226 Re: [PATCH v2] net: ne2000: check ring buffer control registers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160302 CVE request Qemu: net: ne2000: infinite loop in ne2000_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/02/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106"
},
{
"name": "84028",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84028"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160226 Re: [PATCH v2] net: ne2000: check ring buffer control registers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2841",
"datePublished": "2016-06-16T18:00:00",
"dateReserved": "2016-03-02T00:00:00",
"dateUpdated": "2024-08-05T23:32:21.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10806
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-05 17:50
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1468496 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/99475 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/07/07/1 | mailing-list, x_refsource_MLIST | |
| https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2017/dsa-3925 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468496"
},
{
"name": "99475",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99475"
},
{
"name": "[oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/07/1"
},
{
"name": "[qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468496"
},
{
"name": "99475",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99475"
},
{
"name": "[oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/07/1"
},
{
"name": "[qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html"
},
{
"name": "DSA-3925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468496",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468496"
},
{
"name": "99475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99475"
},
{
"name": "[oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/07/07/1"
},
{
"name": "[qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html"
},
{
"name": "DSA-3925",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10806",
"datePublished": "2017-08-02T19:00:00",
"dateReserved": "2017-07-03T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15038
Vulnerability from cvelistv5
Published
2017-10-09 14:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2017/10/06/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15038",
"datePublished": "2017-10-09T14:00:00",
"dateReserved": "2017-10-05T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2633
Vulnerability from cvelistv5
Published
2018-07-27 19:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/23/1 | mailing-list, x_refsource_MLIST | |
| https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1206 | vendor-advisory, x_refsource_REDHAT | |
| https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1441 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/96417 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:1856 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:1205 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "96417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96417"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu:",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "1.7.2"
}
]
}
],
"datePublic": "2016-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
},
{
"name": "RHSA-2017:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
},
{
"name": "RHSA-2017:1441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "96417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96417"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
},
{
"name": "RHSA-2017:1205",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu:",
"version": {
"version_data": [
{
"version_value": "1.7.2"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef"
},
{
"name": "RHSA-2017:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1206"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
},
{
"name": "RHSA-2017:1441",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1441"
},
{
"name": "96417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96417"
},
{
"name": "RHSA-2017:1856",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
},
{
"name": "RHSA-2017:1205",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2633",
"datePublished": "2018-07-27T19:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:06.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9908
Vulnerability from cvelistv5
Published
2016-12-23 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/08/4 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94761 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/4"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing \u0027VIRTIO_GPU_CMD_GET_CAPSET\u0027 command. A guest user/process could use this flaw to leak contents of the host memory bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/4"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94761"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9908",
"datePublished": "2016-12-23T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15859
Vulnerability from cvelistv5
Published
2020-07-21 15:25
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.launchpad.net/qemu/+bug/1886362 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2020/07/21/3 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1886362"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html"
},
{
"name": "[oss-security] 20200721 CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/21/3"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data\u0027s address set to the e1000e\u0027s MMIO address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1886362"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html"
},
{
"name": "[oss-security] 20200721 CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/21/3"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data\u0027s address set to the e1000e\u0027s MMIO address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/qemu/+bug/1886362",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/qemu/+bug/1886362"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05304.html"
},
{
"name": "[oss-security] 20200721 CVE-2020-15859 QEMU: net: e1000e: use-after-free while sending packets",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2020/07/21/3"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15859",
"datePublished": "2020-07-21T15:25:03",
"dateReserved": "2020-07-20T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2391
Vulnerability from cvelistv5
Published
2016-06-16 18:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/83263 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/02/16/2 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1304794 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360"
},
{
"name": "[oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/16/2"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304794"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "83263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360"
},
{
"name": "[oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/16/2"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304794"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2391",
"datePublished": "2016-06-16T18:00:00",
"dateReserved": "2016-02-16T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8380
Vulnerability from cvelistv5
Published
2017-08-28 15:00
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98303 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html"
},
{
"name": "98303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the \"megasas_mmio_write\" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html"
},
{
"name": "98303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the \"megasas_mmio_write\" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html"
},
{
"name": "98303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8380",
"datePublished": "2017-08-28T15:00:00",
"dateReserved": "2017-04-30T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4111
Vulnerability from cvelistv5
Published
2014-02-26 15:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=751310 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2011-1777.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2011-1801.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:49.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=751310"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0"
},
{
"name": "RHSA-2011:1777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1777.html"
},
{
"name": "RHSA-2011:1801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1801.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-26T14:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=751310"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0"
},
{
"name": "RHSA-2011:1777",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1777.html"
},
{
"name": "RHSA-2011:1801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1801.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4111",
"datePublished": "2014-02-26T15:00:00",
"dateReserved": "2011-10-18T00:00:00",
"dateUpdated": "2024-08-07T00:01:49.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9381
Vulnerability from cvelistv5
Published
2017-01-23 21:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xenbits.xen.org/xsa/advisory-197.html | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201612-56 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94476 | vdb-entry, x_refsource_BID | |
| https://support.citrix.com/article/CTX218775 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037344 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-197.html"
},
{
"name": "GLSA-201612-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-56"
},
{
"name": "94476",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94476"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX218775"
},
{
"name": "1037344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-197.html"
},
{
"name": "GLSA-201612-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-56"
},
{
"name": "94476",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94476"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX218775"
},
{
"name": "1037344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-197.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-197.html"
},
{
"name": "GLSA-201612-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-56"
},
{
"name": "94476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94476"
},
{
"name": "https://support.citrix.com/article/CTX218775",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX218775"
},
{
"name": "1037344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9381",
"datePublished": "2017-01-23T21:00:00",
"dateReserved": "2016-11-17T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1544
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 05:49
Severity ?
EPSS score ?
Summary
Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qemu:rdma:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rdma",
"vendor": "qemu",
"versions": [
{
"lessThan": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T18:10:20.763384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T13:49:11.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1544"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180364"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230511-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "affected",
"packageName": "qemu",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8.2.0-rc0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank SorryMybad (Kunlun Lab) for reporting this issue."
}
],
"datePublic": "2023-02-27T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:34:48.957Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1544"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180364"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230511-0005/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-02-27T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-1544",
"datePublished": "2023-03-23T00:00:00",
"dateReserved": "2023-03-21T00:00:00",
"dateUpdated": "2024-08-02T05:49:11.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7858
Vulnerability from cvelistv5
Published
2018-03-12 21:00
Modified
2024-08-05 06:37
Severity ?
EPSS score ?
Summary
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2162 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1553402 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1369 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/3649-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:1416 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/103350 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2018/03/09/1 | mailing-list, x_refsource_MLIST | |
| https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
},
{
"name": "RHSA-2018:1369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1369"
},
{
"name": "USN-3649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "RHSA-2018:1416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1416"
},
{
"name": "103350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103350"
},
{
"name": "[oss-security] 20180309 CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/09/1"
},
{
"name": "[qemu-devel] 20180308 [PATCH] vga: fix region calculation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T00:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
},
{
"name": "RHSA-2018:1369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1369"
},
{
"name": "USN-3649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "RHSA-2018:1416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1416"
},
{
"name": "103350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103350"
},
{
"name": "[oss-security] 20180309 CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/09/1"
},
{
"name": "[qemu-devel] 20180308 [PATCH] vga: fix region calculation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553402"
},
{
"name": "RHSA-2018:1369",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1369"
},
{
"name": "USN-3649-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "RHSA-2018:1416",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1416"
},
{
"name": "103350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103350"
},
{
"name": "[oss-security] 20180309 CVE-2018-7858 Qemu: cirrus: OOB access when updating vga display",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/03/09/1"
},
{
"name": "[qemu-devel] 20180308 [PATCH] vga: fix region calculation",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7858",
"datePublished": "2018-03-12T21:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20216
Vulnerability from cvelistv5
Published
2018-12-20 21:00
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/12/19/2 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/106291 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/2"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html"
},
{
"name": "106291",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106291"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-27T13:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/2"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html"
},
{
"name": "106291",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106291"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/2"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html"
},
{
"name": "106291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106291"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20216",
"datePublished": "2018-12-20T21:00:00",
"dateReserved": "2018-12-18T00:00:00",
"dateUpdated": "2024-08-05T11:58:19.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14394
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-04 12:46
Severity ?
EPSS score ?
Summary
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/646"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QEMU 6.1.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908004"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/646"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14394",
"datePublished": "2022-08-17T00:00:00",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3209
Vulnerability from cvelistv5
Published
2015-06-15 15:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2630-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "SUSE-SU-2015:1152",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"name": "RHSA-2015:1087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1087.html"
},
{
"name": "SUSE-SU-2015:1519",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "FEDORA-2015-10001",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"name": "DSA-3286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"name": "FEDORA-2015-9978",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html"
},
{
"name": "SUSE-SU-2015:1156",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"name": "RHSA-2015:1088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1088.html"
},
{
"name": "RHSA-2015:1089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1089.html"
},
{
"name": "SUSE-SU-2015:1643",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "SUSE-SU-2015:1206",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
},
{
"name": "DSA-3284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "75123",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75123"
},
{
"name": "SUSE-SU-2015:1157",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"name": "1032545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032545"
},
{
"name": "SUSE-SU-2015:1045",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-135.html"
},
{
"name": "SUSE-SU-2015:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2015:1189",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1189.html"
},
{
"name": "SUSE-SU-2015:1042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"name": "FEDORA-2015-9965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
},
{
"name": "DSA-3285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T13:58:46",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2630-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "SUSE-SU-2015:1152",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"name": "RHSA-2015:1087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1087.html"
},
{
"name": "SUSE-SU-2015:1519",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "FEDORA-2015-10001",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160669.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698"
},
{
"name": "DSA-3286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"name": "FEDORA-2015-9978",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160677.html"
},
{
"name": "SUSE-SU-2015:1156",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"name": "RHSA-2015:1088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1088.html"
},
{
"name": "RHSA-2015:1089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1089.html"
},
{
"name": "SUSE-SU-2015:1643",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "SUSE-SU-2015:1206",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
},
{
"name": "DSA-3284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "75123",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75123"
},
{
"name": "SUSE-SU-2015:1157",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"name": "1032545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032545"
},
{
"name": "SUSE-SU-2015:1045",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-135.html"
},
{
"name": "SUSE-SU-2015:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2015:1189",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1189.html"
},
{
"name": "SUSE-SU-2015:1042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"name": "FEDORA-2015-9965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
},
{
"name": "DSA-3285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3209",
"datePublished": "2015-06-15T15:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4454
Vulnerability from cvelistv5
Published
2016-06-01 22:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/30/3 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/90927 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1336429 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/3"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html"
},
{
"name": "90927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90927"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/3"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html"
},
{
"name": "90927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90927"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336429"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4454",
"datePublished": "2016-06-01T22:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7155
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/07/1 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/92772 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/09/06/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"
},
{
"name": "92772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92772"
},
{
"name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"
},
{
"name": "92772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92772"
},
{
"name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"
},
{
"name": "92772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92772"
},
{
"name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7155",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-06T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8910
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/24/5 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/93844 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/24/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/5"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93844",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93844"
},
{
"name": "[qemu-devel] 20161024 [PATCH] net: rtl8139: limit processing of ring descript",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/5"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93844",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93844"
},
{
"name": "[qemu-devel] 20161024 [PATCH] net: rtl8139: limit processing of ring descript",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8910",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-24T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10029
Vulnerability from cvelistv5
Published
2017-02-27 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=acfc4846508a02cc4c83aa27799fd7 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/20/2 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1037526 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94978 | vdb-entry, x_refsource_BID | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=2fe760554eb3769d70f608a158474f | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/22/15 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=acfc4846508a02cc4c83aa27799fd7"
},
{
"name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/2"
},
{
"name": "1037526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037526"
},
{
"name": "94978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=2fe760554eb3769d70f608a158474f"
},
{
"name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/22/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-27T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=acfc4846508a02cc4c83aa27799fd7"
},
{
"name": "[oss-security] 20161220 CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/20/2"
},
{
"name": "1037526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037526"
},
{
"name": "94978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=2fe760554eb3769d70f608a158474f"
},
{
"name": "[oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/22/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-10029",
"datePublished": "2017-02-27T22:00:00",
"dateReserved": "2016-12-22T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35505
Vulnerability from cvelistv5
Published
2021-05-28 10:20
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/04/16/3 | mailing-list, x_refsource_MLIST | |
| https://www.openwall.com/lists/oss-security/2021/04/16/3 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1909769 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210713-0006/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the \u0027Information Transfer\u0027 command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 6.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the \u0027Information Transfer\u0027 command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/04/16/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909769"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210713-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35505",
"datePublished": "2021-05-28T10:20:48",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0664
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167423"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158"
},
{
"name": "FEDORA-2023-e5a35f7197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230517-0005/"
},
{
"name": "FEDORA-2023-68df3f4b02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent\u0027s Windows installer via repair custom actions to elevate their privileges on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T02:06:24.520899",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167423"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445.html"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158"
},
{
"name": "FEDORA-2023-e5a35f7197",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230517-0005/"
},
{
"name": "FEDORA-2023-68df3f4b02",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0664",
"datePublished": "2023-03-29T00:00:00",
"dateReserved": "2023-02-03T00:00:00",
"dateUpdated": "2024-08-02T05:17:50.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9914
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94729 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/06/11 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/08/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9914",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13800
Vulnerability from cvelistv5
Published
2020-06-04 15:23
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2020/06/04/2 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200717-0001/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0001/"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0001/"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00825.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/06/04/2",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200717-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200717-0001/"
},
{
"name": "openSUSE-SU-2020:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800",
"refsource": "MISC",
"url": "https://cve.openeuler.org/cve#/CVEInfo/CVE-2020-13800"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13800",
"datePublished": "2020-06-04T15:23:08",
"dateReserved": "2020-06-03T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40360
Vulnerability from cvelistv5
Published
2023-08-14 00:00
Modified
2024-08-02 18:31
Severity ?
EPSS score ?
Summary
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1815"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qemu.org/docs/master/system/security.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T13:06:38.991801",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1815"
},
{
"url": "https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98"
},
{
"url": "https://www.qemu.org/docs/master/system/security.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40360",
"datePublished": "2023-08-14T00:00:00",
"dateReserved": "2023-08-14T00:00:00",
"dateUpdated": "2024-08-02T18:31:53.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3471
Vulnerability from cvelistv5
Published
2018-01-12 17:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/06/23/4 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1112271 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-201412-01.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/68145 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140623 CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/23/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112271"
},
{
"name": "GLSA-201412-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-01.xml"
},
{
"name": "68145",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68145"
},
{
"name": "[qemu-devel] 20140623 PATCH v2 3/3] hw/pcie: better hotplug/hotunplug support",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140623 CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/23/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112271"
},
{
"name": "GLSA-201412-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-01.xml"
},
{
"name": "68145",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68145"
},
{
"name": "[qemu-devel] 20140623 PATCH v2 3/3] hw/pcie: better hotplug/hotunplug support",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3471",
"datePublished": "2018-01-12T17:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9912
Vulnerability from cvelistv5
Published
2016-12-23 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/08/6 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94760 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/6"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94760",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in \u0027virtio_gpu_resource_destroy\u0027. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: display: virtio-gpu: memory leakage when destroying gpu resource",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/6"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94760",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94760"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9912",
"datePublished": "2016-12-23T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25625
Vulnerability from cvelistv5
Published
2020-09-25 04:12
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/17/1 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201009-0005/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:35.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/17/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/17/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/09/17/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/09/17/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25625",
"datePublished": "2020-09-25T04:12:07",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:35.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5745
Vulnerability from cvelistv5
Published
2020-01-23 19:35
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0"
}
]
}
],
"datePublic": "2015-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T13:58:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5745",
"datePublished": "2020-01-23T19:35:16",
"dateReserved": "2015-08-06T00:00:00",
"dateUpdated": "2024-08-06T06:59:04.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9503
Vulnerability from cvelistv5
Published
2017-06-16 22:00
Modified
2024-08-05 17:11
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/06/08/1 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/99010 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1459477 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/08/1"
},
{
"name": "99010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99010"
},
{
"name": "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477"
},
{
"name": "[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-26T13:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/08/1"
},
{
"name": "99010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99010"
},
{
"name": "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477"
},
{
"name": "[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/08/1"
},
{
"name": "99010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99010"
},
{
"name": "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477"
},
{
"name": "[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9503",
"datePublished": "2017-06-16T22:00:00",
"dateReserved": "2017-06-07T00:00:00",
"dateUpdated": "2024-08-05T17:11:02.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25742
Vulnerability from cvelistv5
Published
2020-10-06 14:18
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html | x_refsource_MISC | |
| https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/29/1 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1883178 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T14:18:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html"
},
{
"name": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1",
"refsource": "MISC",
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/09/29/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1883178",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25742",
"datePublished": "2020-10-06T14:18:07",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2212
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 22:53
Severity ?
EPSS score ?
Summary
Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:17.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:0919",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0919.html"
},
{
"name": "45170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45170"
},
{
"name": "45354",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45354"
},
{
"name": "45301",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45301"
},
{
"name": "DSA-2282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2011/dsa-2282"
},
{
"name": "45158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45158"
},
{
"name": "openSUSE-SU-2011:0803",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html"
},
{
"name": "45188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45188"
},
{
"name": "74751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/74751"
},
{
"name": "USN-1165-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1165-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=713589"
},
{
"name": "45187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45187"
},
{
"name": "SUSE-SU-2011:0806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/9605323"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to \"virtqueue in and out requests.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:0919",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0919.html"
},
{
"name": "45170",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45170"
},
{
"name": "45354",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45354"
},
{
"name": "45301",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45301"
},
{
"name": "DSA-2282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2011/dsa-2282"
},
{
"name": "45158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45158"
},
{
"name": "openSUSE-SU-2011:0803",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00007.html"
},
{
"name": "45188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45188"
},
{
"name": "74751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/74751"
},
{
"name": "USN-1165-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1165-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=713589"
},
{
"name": "45187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45187"
},
{
"name": "SUSE-SU-2011:0806",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/9605323"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2212",
"datePublished": "2012-06-21T15:00:00",
"dateReserved": "2011-05-31T00:00:00",
"dateUpdated": "2024-08-06T22:53:17.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7116
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/30/3 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/92680 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=56f101ecce0eafd09e2daf1c4eeb1377d6959261 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/30/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160826 [PATCH v2 0/5] 9P security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html"
},
{
"name": "[oss-security] 20160830 Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/30/3"
},
{
"name": "92680",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92680"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=56f101ecce0eafd09e2daf1c4eeb1377d6959261"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160830 CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/30/1"
},
{
"name": "[qemu-devel] 20160830 [PATCH v4 0/3] 9pfs security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160826 [PATCH v2 0/5] 9P security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html"
},
{
"name": "[oss-security] 20160830 Re: CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/30/3"
},
{
"name": "92680",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92680"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=56f101ecce0eafd09e2daf1c4eeb1377d6959261"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160830 CVE request: Qemu: 9p: directory traversal flaw in 9p virtio backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/30/1"
},
{
"name": "[qemu-devel] 20160830 [PATCH v4 0/3] 9pfs security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7116",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-08-30T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26354
Vulnerability from cvelistv5
Published
2022-03-16 14:02
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220425-0003/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5133 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu-kvm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected QEMU versions \u003c= 6.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions \u003c= 6.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:48",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-26354",
"datePublished": "2022-03-16T14:02:34",
"dateReserved": "2022-03-02T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3682
Vulnerability from cvelistv5
Published
2021-08-05 19:51
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1989651 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0006/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2021/dsa-4980 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989651"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0006/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 6.1.0-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-763",
"description": "CWE-763",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:31",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989651"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210902-0006/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 6.1.0-rc2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-763"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1989651",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989651"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210902-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210902-0006/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "DSA-4980",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3682",
"datePublished": "2021-08-05T19:51:26",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9824
Vulnerability from cvelistv5
Published
2019-06-03 20:50
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:1650 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/ | vendor-advisory, x_refsource_FEDORA | |
| https://access.redhat.com/errata/RHSA-2019:2078 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2425 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2553 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3345 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html"
},
{
"name": "RHSA-2019:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1650"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "RHSA-2019:2078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2078"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "RHSA-2019:3345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html"
},
{
"name": "RHSA-2019:1650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1650"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "RHSA-2019:2078",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2078"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "RHSA-2019:3345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html"
},
{
"name": "RHSA-2019:1650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1650"
},
{
"name": "FEDORA-2019-52a8f5468e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "RHSA-2019:2078",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2078"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "RHSA-2019:3345",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9824",
"datePublished": "2019-06-03T20:50:39",
"dateReserved": "2019-03-14T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0182
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0182",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20203
Vulnerability from cvelistv5
Published
2021-02-25 19:09
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1922441 | x_refsource_MISC | |
| https://bugs.launchpad.net/qemu/+bug/1913873 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922441"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1913873"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions up to v5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922441"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1913873"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20203",
"datePublished": "2021-02-25T19:09:46",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1751
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/05/19/2"
},
{
"name": "RHSA-2011:0534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca"
},
{
"name": "44648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44648"
},
{
"name": "73395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73395"
},
{
"name": "44393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44393"
},
{
"name": "44658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44658"
},
{
"name": "SUSE-SU-2011:0533",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8572547"
},
{
"name": "[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html"
},
{
"name": "47927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nelhage/virtunoid"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699773"
},
{
"name": "44458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44458"
},
{
"name": "44660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.nelhage.com/2011/08/breaking-out-of-kvm/"
},
{
"name": "USN-1145-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/USN-1145-1/"
},
{
"name": "44900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44900"
},
{
"name": "openSUSE-SU-2011:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to \"active qemu timers.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110519 CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/05/19/2"
},
{
"name": "RHSA-2011:0534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=505597e4476a6bc219d0ec1362b760d71cb4fdca"
},
{
"name": "44648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44648"
},
{
"name": "73395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73395"
},
{
"name": "44393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44393"
},
{
"name": "44658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44658"
},
{
"name": "SUSE-SU-2011:0533",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8572547"
},
{
"name": "[Qemu-devel] 20110519 [PATCH] Ignore pci unplug requests for unpluggable devices",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2011-05/msg01810.html"
},
{
"name": "47927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nelhage/virtunoid"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=699773"
},
{
"name": "44458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44458"
},
{
"name": "44660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.nelhage.com/2011/08/breaking-out-of-kvm/"
},
{
"name": "USN-1145-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/USN-1145-1/"
},
{
"name": "44900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44900"
},
{
"name": "openSUSE-SU-2011:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1751",
"datePublished": "2012-06-21T15:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19665
Vulnerability from cvelistv5
Published
2018-12-06 23:00
Modified
2024-08-05 11:44
Severity ?
EPSS score ?
Summary
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/106050 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2018/11/29/1 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20181119 [PATCH v2] bt: use size_t type for length parameters instead of int",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html"
},
{
"name": "106050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106050"
},
{
"name": "[oss-security] 20181129 CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/29/1"
},
{
"name": "openSUSE-SU-2019:1226",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-17T20:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[qemu-devel] 20181119 [PATCH v2] bt: use size_t type for length parameters instead of int",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html"
},
{
"name": "106050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106050"
},
{
"name": "[oss-security] 20181129 CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/29/1"
},
{
"name": "openSUSE-SU-2019:1226",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20181119 [PATCH v2] bt: use size_t type for length parameters instead of int",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html"
},
{
"name": "106050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106050"
},
{
"name": "[oss-security] 20181129 CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/11/29/1"
},
{
"name": "openSUSE-SU-2019:1226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19665",
"datePublished": "2018-12-06T23:00:00",
"dateReserved": "2018-11-29T00:00:00",
"dateUpdated": "2024-08-05T11:44:19.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5225
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"name": "[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html"
},
{
"name": "RHSA-2015:1837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1837.html"
},
{
"name": "FEDORA-2015-14783",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "FEDORA-2015-16368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "RHSA-2015:1772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1772.html"
},
{
"name": "1033547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033547"
},
{
"name": "[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/6"
},
{
"name": "76506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76506"
},
{
"name": "FEDORA-2015-15364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"name": "[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html"
},
{
"name": "RHSA-2015:1837",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1837.html"
},
{
"name": "FEDORA-2015-14783",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "FEDORA-2015-16368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "RHSA-2015:1772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1772.html"
},
{
"name": "1033547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033547"
},
{
"name": "[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/6"
},
{
"name": "76506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76506"
},
{
"name": "FEDORA-2015-15364",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5225",
"datePublished": "2015-11-06T21:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8745
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034575 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/79822 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/01/04/7 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/01/04/4 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1270876 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:21.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1034575",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034575"
},
{
"name": "79822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79822"
},
{
"name": "[oss-security] 20160104 Re: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/7"
},
{
"name": "[oss-security] 20160104 CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270876"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1034575",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034575"
},
{
"name": "79822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79822"
},
{
"name": "[oss-security] 20160104 Re: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/7"
},
{
"name": "[oss-security] 20160104 CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/04/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270876"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8745",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-06T08:29:21.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20191
Vulnerability from cvelistv5
Published
2018-12-20 22:00
Modified
2024-08-05 11:58
Severity ?
EPSS score ?
Summary
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106276 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2018/12/18/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106276"
},
{
"name": "[oss-security] 20181218 CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/18/1"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 2/6] pvrdma: add uar_read routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-28T19:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106276"
},
{
"name": "[oss-security] 20181218 CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/18/1"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 2/6] pvrdma: add uar_read routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106276"
},
{
"name": "[oss-security] 20181218 CVE-2018-20191 QEMU: pvrdma: uar_read leads to NULL dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/18/1"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 2/6] pvrdma: add uar_read routine",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20191",
"datePublished": "2018-12-20T22:00:00",
"dateReserved": "2018-12-17T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0741
Vulnerability from cvelistv5
Published
2010-04-12 18:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023798",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023798"
},
{
"name": "RHSA-2010:0476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0476.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521"
},
{
"name": "ADV-2010-0760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0760"
},
{
"name": "[qemu-devel] 20091029 Re: qemu-kvm-0.11 regression, crashes on older guests with virtio network",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02480.html"
},
{
"name": "oval:org.mitre.oval:def:11143",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.kernel.org/patch/56479/"
},
{
"name": "[qemu-devel] 20091029 [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02495.html"
},
{
"name": "RHSA-2010:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0271.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9"
},
{
"name": "[oss-security] 20100329 CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/03/29/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=577218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1023798",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023798"
},
{
"name": "RHSA-2010:0476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0476.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.edge.launchpad.net/ubuntu/+source/qemu-kvm/+bug/458521"
},
{
"name": "ADV-2010-0760",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0760"
},
{
"name": "[qemu-devel] 20091029 Re: qemu-kvm-0.11 regression, crashes on older guests with virtio network",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02480.html"
},
{
"name": "oval:org.mitre.oval:def:11143",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.kernel.org/patch/56479/"
},
{
"name": "[qemu-devel] 20091029 [PATCH] whitelist host virtio networking features [was Re: qemu-kvm-0.11 regression, crashes on older ...]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2009-10/msg02495.html"
},
{
"name": "RHSA-2010:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0271.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=184bd0484533b725194fa517ddc271ffd74da7c9"
},
{
"name": "[oss-security] 20100329 CVE-2010-0741 qemu: Improper handling of erroneous data provided by Linux virtio-net driver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/03/29/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=577218"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0741",
"datePublished": "2010-04-12T18:00:00",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6505
Vulnerability from cvelistv5
Published
2017-03-15 14:00
Modified
2024-08-05 15:33
Severity ?
EPSS score ?
Summary
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1429432 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201704-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/96611 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/03/06/6 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:19.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "96611",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96611"
},
{
"name": "[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/06/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "96611",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96611"
},
{
"name": "[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/06/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429432"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "96611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96611"
},
{
"name": "[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/06/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6505",
"datePublished": "2017-03-15T14:00:00",
"dateReserved": "2017-03-06T00:00:00",
"dateUpdated": "2024-08-05T15:33:19.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16872
Vulnerability from cvelistv5
Published
2018-12-13 21:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/106212 | vdb-entry, x_refsource_BID | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2019/dsa-4454 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/May/76 | mailing-list, x_refsource_BUGTRAQ | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name": "106212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106212"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU:",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn\u0027t consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:57",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name": "106212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106212"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16872",
"datePublished": "2018-12-13T21:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9373
Vulnerability from cvelistv5
Published
2017-06-16 22:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3920 | vendor-advisory, x_refsource_DEBIAN | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/98921 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1458270 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/06/05/1 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "98921",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98921"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458270"
},
{
"name": "[oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/05/1"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "98921",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98921"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458270"
},
{
"name": "[oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/05/1"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=d68f0f778e7f4fbd674627274267f269e40f0b04",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=d68f0f778e7f4fbd674627274267f269e40f0b04"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "98921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98921"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1458270",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458270"
},
{
"name": "[oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/05/1"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9373",
"datePublished": "2017-06-16T22:00:00",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0928
Vulnerability from cvelistv5
Published
2008-03-03 22:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-1993",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html"
},
{
"name": "FEDORA-2008-1995",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html"
},
{
"name": "RHSA-2008:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "FEDORA-2008-2057",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html"
},
{
"name": "FEDORA-2008-2083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433560"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "MDVSA-2009:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "[debian-security] 20080219 qemu unchecked block read/write vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=debian-security\u0026m=120343592917055\u0026w=2"
},
{
"name": "FEDORA-2008-2001",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html"
},
{
"name": "FEDORA-2008-1973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html"
},
{
"name": "29963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29963"
},
{
"name": "oval:org.mitre.oval:def:9706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "28001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28001"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "29136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29136"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35031"
},
{
"name": "29081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29081"
},
{
"name": "29172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2008-1993",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html"
},
{
"name": "FEDORA-2008-1995",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html"
},
{
"name": "RHSA-2008:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "FEDORA-2008-2057",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html"
},
{
"name": "FEDORA-2008-2083",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433560"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "MDVSA-2009:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "[debian-security] 20080219 qemu unchecked block read/write vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=debian-security\u0026m=120343592917055\u0026w=2"
},
{
"name": "FEDORA-2008-2001",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html"
},
{
"name": "FEDORA-2008-1973",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html"
},
{
"name": "29963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29963"
},
{
"name": "oval:org.mitre.oval:def:9706",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "28001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28001"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "29136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29136"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35031"
},
{
"name": "29081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29081"
},
{
"name": "29172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-1993",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html"
},
{
"name": "FEDORA-2008-1995",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html"
},
{
"name": "RHSA-2008:0194",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "FEDORA-2008-2057",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html"
},
{
"name": "FEDORA-2008-2083",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=433560",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=433560"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "MDVSA-2009:016",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:016"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "[debian-security] 20080219 qemu unchecked block read/write vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=debian-security\u0026m=120343592917055\u0026w=2"
},
{
"name": "FEDORA-2008-2001",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html"
},
{
"name": "FEDORA-2008-1973",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html"
},
{
"name": "29963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29963"
},
{
"name": "oval:org.mitre.oval:def:9706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "28001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28001"
},
{
"name": "DSA-1799",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "29136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29136"
},
{
"name": "35031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35031"
},
{
"name": "29081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29081"
},
{
"name": "29172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0928",
"datePublished": "2008-03-03T22:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18849
Vulnerability from cvelistv5
Published
2019-03-17 19:56
Modified
2024-08-05 11:23
Severity ?
EPSS score ?
Summary
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "FEDORA-2018-87f2ace20d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP/"
},
{
"name": "openSUSE-SU-2018:4111",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html"
},
{
"name": "openSUSE-SU-2018:4147",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html"
},
{
"name": "openSUSE-SU-2018:4004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/01/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06401.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "[debian-lts-announce] 20190509 [SECURITY] [DLA 1781-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T13:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "FEDORA-2018-87f2ace20d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP/"
},
{
"name": "openSUSE-SU-2018:4111",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html"
},
{
"name": "openSUSE-SU-2018:4147",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html"
},
{
"name": "openSUSE-SU-2018:4004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/01/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06401.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "[debian-lts-announce] 20190509 [SECURITY] [DLA 1781-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "FEDORA-2018-87f2ace20d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP/"
},
{
"name": "openSUSE-SU-2018:4111",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html"
},
{
"name": "openSUSE-SU-2018:4147",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html"
},
{
"name": "openSUSE-SU-2018:4004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2018/11/01/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/11/01/1"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06401.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06401.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "[debian-lts-announce] 20190509 [SECURITY] [DLA 1781-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18849",
"datePublished": "2019-03-17T19:56:41",
"dateReserved": "2018-10-30T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4135
Vulnerability from cvelistv5
Published
2023-08-04 13:19
Modified
2024-08-02 07:17
Severity ?
EPSS score ?
Summary
Out-of-bounds read information disclosure vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4135 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0012/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4135"
},
{
"name": "RHBZ#2229101",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu-kvm",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.1.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue."
}
],
"datePublic": "2023-08-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:32:54.867Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4135"
},
{
"name": "RHBZ#2229101",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Out-of-bounds read information disclosure vulnerability",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4135",
"datePublished": "2023-08-04T13:19:15.760Z",
"dateReserved": "2023-08-03T09:52:00.316Z",
"dateUpdated": "2024-08-02T07:17:11.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20175
Vulnerability from cvelistv5
Published
2019-12-31 03:27
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html | x_refsource_MISC | |
| https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html | x_refsource_MISC | |
| https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html | x_refsource_MISC | |
| https://www.mail-archive.com/qemu-devel%40nongnu.org/msg667396.html | x_refsource_MISC | |
| https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-20175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:35:51.638983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:36:00.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg667396.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a \"privileged guest user has many ways to cause similar DoS effect, without triggering this assert."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T03:27:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg667396.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a \"privileged guest user has many ways to cause similar DoS effect, without triggering this assert.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html"
},
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html"
},
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html"
},
{
"name": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg667396.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg667396.html"
},
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20175",
"datePublished": "2019-12-31T03:27:40",
"dateReserved": "2019-12-31T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-42467
Vulnerability from cvelistv5
Published
2023-09-11 00:00
Modified
2024-09-26 17:36
Severity ?
EPSS score ?
Summary
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:39.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1813"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42467",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:36:22.156086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:36:32.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s-\u003eqdev.blocksize from being 256. This stops QEMU and the guest immediately."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-04T05:07:18.246208",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1813"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42467",
"datePublished": "2023-09-11T00:00:00",
"dateReserved": "2023-09-11T00:00:00",
"dateUpdated": "2024-09-26T17:36:32.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4540
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1281",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "openSUSE-SU-2014:1279",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-24T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2014:1281",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "openSUSE-SU-2014:1279",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=52f91c3723932f8340fe36c8ec8b18a757c37b2b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4540",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7995
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/10/07/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/08/4 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93454 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a"
},
{
"name": "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/3"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/4"
},
{
"name": "93454",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160926 Re: [PATCH] usb: ehci: fix memory leak in ehci_process_itd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b16c129daf0fed91febbb88de23dae8271c8898a"
},
{
"name": "[oss-security] 20161007 CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/3"
},
{
"name": "[oss-security] 20161008 Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/4"
},
{
"name": "93454",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93454"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7995",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8669
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/10/14/9 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/93563 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/10/15/5 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: char: divide by zero error in serial_update_parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/9"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93563",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93563"
},
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: char: divide by zero error in serial_update_parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/5"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: char: divide by zero error in serial_update_parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/9"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93563",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93563"
},
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: char: divide by zero error in serial_update_parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/5"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8669",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-15T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6683
Vulnerability from cvelistv5
Published
2024-01-12 19:01
Modified
2024-11-15 15:14
Severity ?
EPSS score ?
Summary
Qemu: vnc: null pointer dereference in qemu_clipboard_request()
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:2135 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2962 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6683 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2254825 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-13T20:19:24.320866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T20:19:31.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:15.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6683"
},
{
"name": "RHBZ#2254825",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254825"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17:8.2.0-11.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Fiona Ebner (Proxmox) and Markus Frank (Proxmox) for reporting this issue."
}
],
"datePublic": "2024-01-12T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:14:42.593Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6683"
},
{
"name": "RHBZ#2254825",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254825"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: vnc: null pointer dereference in qemu_clipboard_request()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6683",
"datePublished": "2024-01-12T19:01:25.542Z",
"dateReserved": "2023-12-11T14:45:48.417Z",
"dateUpdated": "2024-11-15T15:14:42.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14167
Vulnerability from cvelistv5
Published
2017-09-08 18:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100694"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/07/2"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "[qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html"
},
{
"name": "RHSA-2017:3369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100694"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/09/07/2"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "[qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html"
},
{
"name": "RHSA-2017:3369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100694"
},
{
"name": "RHSA-2017:3473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-3991",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2017:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/09/07/2"
},
{
"name": "RHSA-2017:3471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "RHSA-2017:3466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "[qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01032.html"
},
{
"name": "RHSA-2017:3369",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14167",
"datePublished": "2017-09-08T18:00:00",
"dateReserved": "2017-09-06T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4206
Vulnerability from cvelistv5
Published
2022-04-29 16:19
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2036998 | x_refsource_MISC | |
| https://starlabs.sg/advisories/21-4206/ | x_refsource_MISC | |
| https://www.debian.org/security/2022/dsa-5133 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036998"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/21-4206/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190-\u003eCWE-131-\u003eCWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:29",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036998"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/21-4206/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 7.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190-\u003eCWE-131-\u003eCWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2036998",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036998"
},
{
"name": "https://starlabs.sg/advisories/21-4206/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/21-4206/"
},
{
"name": "DSA-5133",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4206",
"datePublished": "2022-04-29T16:19:09",
"dateReserved": "2022-01-13T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6834
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92446 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/08/18/7 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/11/8 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05"
},
{
"name": "92446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92446"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160817 Re: CVE request Qemu: an infinite loop during packet fragmentation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/7"
},
{
"name": "[qemu-devel] 20160809 [PULL 1/3] net: check fragment length during fragmentation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html"
},
{
"name": "[oss-security] 20160812 CVE request Qemu: an infinite loop during packet fragmentation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05"
},
{
"name": "92446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92446"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160817 Re: CVE request Qemu: an infinite loop during packet fragmentation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/7"
},
{
"name": "[qemu-devel] 20160809 [PULL 1/3] net: check fragment length during fragmentation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html"
},
{
"name": "[oss-security] 20160812 CVE request Qemu: an infinite loop during packet fragmentation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6834",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-08-17T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6888
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92556 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/08/19/6 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/19/10 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:38.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92556"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c"
},
{
"name": "[oss-security] 20160819 CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/6"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160818 [PULL 1/2] net: vmxnet: use g_new for pkt initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html"
},
{
"name": "[oss-security] 20160819 Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/10"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92556"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=47882fa4975bf0b58dd74474329fdd7154e8f04c"
},
{
"name": "[oss-security] 20160819 CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/6"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160818 [PULL 1/2] net: vmxnet: use g_new for pkt initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html"
},
{
"name": "[oss-security] 20160819 Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/10"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92556"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c"
},
{
"name": "[oss-security] 20160819 CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/6"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160818 [PULL 1/2] net: vmxnet: use g_new for pkt initialisation",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html"
},
{
"name": "[oss-security] 20160819 Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/10"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6888",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-08-19T00:00:00",
"dateUpdated": "2024-08-06T01:43:38.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9060
Vulnerability from cvelistv5
Published
2017-06-01 16:00
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/98632 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/05/19/1 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452597 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98632",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98632"
},
{
"name": "[oss-security] 20170519 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/19/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of \"VIRTIO_GPU_CMD_SET_SCANOUT:\" commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98632",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98632"
},
{
"name": "[oss-security] 20170519 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/05/19/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of \"VIRTIO_GPU_CMD_SET_SCANOUT:\" commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98632"
},
{
"name": "[oss-security] 20170519 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/19/1"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1452597",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9060",
"datePublished": "2017-06-01T16:00:00",
"dateReserved": "2017-05-18T00:00:00",
"dateUpdated": "2024-08-05T16:55:22.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1386
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2024-09-25 19:57
Severity ?
EPSS score ?
Summary
Qemu: 9pfs: suid/sgid bits not dropped on file write
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1386 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2223985 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/advisories/GHSA-ppj8-867g-rgjr | ||
| https://github.com/v9fs/linux/issues/29 | ||
| https://security.netapp.com/advisory/ntap-20230831-0005/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"name": "RHBZ#2223985",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-ppj8-867g-rgjr"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/v9fs/linux/issues/29"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:57:40.931519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:57:50.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-03-07T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T17:34:27.317Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"name": "RHBZ#2223985",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
},
{
"url": "https://github.com/advisories/GHSA-ppj8-867g-rgjr"
},
{
"url": "https://github.com/v9fs/linux/issues/29"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-01T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: 9pfs: suid/sgid bits not dropped on file write",
"x_redhatCweChain": "CWE-281: Improper Preservation of Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1386",
"datePublished": "2023-07-24T15:19:25.843Z",
"dateReserved": "2023-03-14T10:31:59.556Z",
"dateUpdated": "2024-09-25T19:57:50.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4172
Vulnerability from cvelistv5
Published
2022-11-29 00:00
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | QEMU (ACPI ERST) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:48.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0013/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU (ACPI ERST)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected: 7.0.0, Fixed: 7.2.0-rc0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120, CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de/"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1268"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/defb7098"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0013/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4172",
"datePublished": "2022-11-29T00:00:00",
"dateReserved": "2022-11-28T00:00:00",
"dateUpdated": "2024-08-03T01:34:48.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3638
Vulnerability from cvelistv5
Published
2022-03-03 00:00
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979858"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3638"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0003/"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"name": "FEDORA-2023-c8a60f6f80",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects qemu v4.0 to v6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 - Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-19T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979858"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3638"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0003/"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"name": "FEDORA-2023-c8a60f6f80",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3638",
"datePublished": "2022-03-03T00:00:00",
"dateReserved": "2021-07-08T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9846
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/05/23 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/05/18 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94765 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161205 Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/23"
},
{
"name": "[oss-security] 20161205 CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/18"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix memory leak in update_cursor_data_virgl",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html"
},
{
"name": "94765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161205 Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/23"
},
{
"name": "[oss-security] 20161205 CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/18"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix memory leak in update_cursor_data_virgl",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html"
},
{
"name": "94765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94765"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9846",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12929
Vulnerability from cvelistv5
Published
2019-06-24 10:07
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
References
| ▼ | URL | Tags |
|---|---|---|
| https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU\u0027s -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-02T15:35:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU\u0027s -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/",
"refsource": "MISC",
"url": "https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12929",
"datePublished": "2019-06-24T10:07:43",
"dateReserved": "2019-06-20T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0145
Vulnerability from cvelistv5
Published
2017-08-10 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0420.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-0421.html | vendor-advisory, x_refsource_REDHAT | |
| https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html | x_refsource_MISC | |
| http://www.debian.org/security/2014/dsa-3044 | vendor-advisory, x_refsource_DEBIAN | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1078885 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/03/26/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b"
},
{
"name": "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f0dce23475b5af5da6b17b97c1765271307734b6"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c165f7758009a4f793c1fc19ebb69cf55313450b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c05e4667be91b46ab42b5a11babf8e84d476cc6b"
},
{
"name": "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0145",
"datePublished": "2017-08-10T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5526
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/01/18/8 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/95669 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/01/18/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/8"
},
{
"name": "95669",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95669"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/8"
},
{
"name": "95669",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95669"
},
{
"name": "[oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/18/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5526",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-01-18T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3929
Vulnerability from cvelistv5
Published
2022-08-25 19:36
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/qemu-project/qemu/-/issues/556 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2020298 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-3929 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/issues/782 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020298"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/782"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385"
},
{
"name": "FEDORA-2022-f0a2695054",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in qemu-kvm 7.0.0-rc0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 - Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-23T02:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020298"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/782"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385"
},
{
"name": "FEDORA-2022-f0a2695054",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "Fixed in qemu-kvm 7.0.0-rc0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 - Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/qemu-project/qemu/-/issues/556",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/556"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2020298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020298"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3929",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3929"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/issues/782",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/782"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385"
},
{
"name": "FEDORA-2022-f0a2695054",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3929",
"datePublished": "2022-08-25T19:36:36",
"dateReserved": "2021-11-05T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5154
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"name": "SUSE-SU-2015:1643",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033074",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033074"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "RHSA-2015:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name": "FEDORA-2015-12714",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name": "RHSA-2015:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "SUSE-SU-2015:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name": "SUSE-SU-2015:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name": "SUSE-SU-2015:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "FEDORA-2015-12657",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name": "SUSE-SU-2015:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "SUSE-SU-2015:1302",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name": "SUSE-SU-2015:1409",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201593"
},
{
"name": "FEDORA-2015-12679",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-27T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "76048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"name": "SUSE-SU-2015:1643",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033074",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033074"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "RHSA-2015:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name": "FEDORA-2015-12714",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name": "RHSA-2015:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "SUSE-SU-2015:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name": "SUSE-SU-2015:1299",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name": "SUSE-SU-2015:1426",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "FEDORA-2015-12657",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name": "SUSE-SU-2015:1421",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "SUSE-SU-2015:1302",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name": "SUSE-SU-2015:1409",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX201593"
},
{
"name": "FEDORA-2015-12679",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5154",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4144
Vulnerability from cvelistv5
Published
2022-11-29 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | QEMU (QXL device) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148506"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"name": "FEDORA-2023-c8a60f6f80",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU (QXL device)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "affects versions up to latest v7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-27T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148506"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html"
},
{
"name": "FEDORA-2022-22b1f8dae2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O/"
},
{
"name": "FEDORA-2023-c8a60f6f80",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0012/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4144",
"datePublished": "2022-11-29T00:00:00",
"dateReserved": "2022-11-25T00:00:00",
"dateUpdated": "2024-08-03T01:27:54.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1322
Vulnerability from cvelistv5
Published
2007-05-02 17:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34043 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/23731 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2007/dsa-1284 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/25073 | third-party-advisory, x_refsource_SECUNIA | |
| http://taviso.decsystem.org/virtsec.pdf | x_refsource_MISC | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 | vendor-advisory, x_refsource_MANDRIVA | |
| http://osvdb.org/35496 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/1597 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/29129 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/25095 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qemu-icebp-dos(34043)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34043"
},
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35496"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "qemu-icebp-dos(34043)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34043"
},
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35496",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35496"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "qemu-icebp-dos(34043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34043"
},
{
"name": "23731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "DSA-1284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35496",
"refsource": "OSVDB",
"url": "http://osvdb.org/35496"
},
{
"name": "ADV-2007-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1322",
"datePublished": "2007-05-02T17:00:00",
"dateReserved": "2007-03-07T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4441
Vulnerability from cvelistv5
Published
2016-05-20 14:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1337505 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/19/4 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/90762 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337505"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to \u0027s-cmdbuf\u0027 in get_cmd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/19/4"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "90762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337505"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to \u0027s-cmdbuf\u0027 in get_cmd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/19/4"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "90762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90762"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4441",
"datePublished": "2016-05-20T14:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3582
Vulnerability from cvelistv5
Published
2022-03-25 18:02
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1966266 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220429-0003/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 2.17.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device. The issue occurs while handling a \"PVRDMA_CMD_CREATE_MR\" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 2.17.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device. The issue occurs while handling a \"PVRDMA_CMD_CREATE_MR\" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966266"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0003/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3582",
"datePublished": "2022-03-25T18:02:49",
"dateReserved": "2021-06-07T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15124
Vulnerability from cvelistv5
Published
2018-01-09 21:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102295 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525195 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2018:0816 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:1113 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:3062 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102295",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102295"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2018:3062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11.0 and older"
}
]
}
],
"datePublic": "2017-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "102295",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102295"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2018:3062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15124",
"datePublished": "2018-01-09T21:00:00Z",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3165
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18"
},
{
"name": "FEDORA-2022-8dcdfe7297",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/"
},
{
"name": "FEDORA-2022-4387579e67",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221223-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected 6.1.0 and later. Will be fixed in 7.2.0-rc0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-23T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/d307040b18"
},
{
"name": "FEDORA-2022-8dcdfe7297",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU/"
},
{
"name": "FEDORA-2022-4387579e67",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221223-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3165",
"datePublished": "2022-10-17T00:00:00",
"dateReserved": "2022-09-08T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8701
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/28/6 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/79706 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2015/12/29/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1286971 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:20.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151228 CVE request Qemu net: rocker: fix an incorrect array bounds check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/28/6"
},
{
"name": "[qemu-devel] 20151226 [PATCH v2] net: rocker: fix an incorrect array bounds check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html"
},
{
"name": "79706",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79706"
},
{
"name": "[oss-security] 20151229 Re: CVE request Qemu net: rocker: fix an incorrect array bounds check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/29/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286971"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in \u0027tx_consume\u0027 routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151228 CVE request Qemu net: rocker: fix an incorrect array bounds check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/28/6"
},
{
"name": "[qemu-devel] 20151226 [PATCH v2] net: rocker: fix an incorrect array bounds check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html"
},
{
"name": "79706",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79706"
},
{
"name": "[oss-security] 20151229 Re: CVE request Qemu net: rocker: fix an incorrect array bounds check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/29/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286971"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8701",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2015-12-29T00:00:00",
"dateUpdated": "2024-08-06T08:29:20.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5107
Vulnerability from cvelistv5
Published
2016-09-02 14:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/25/7 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/26/9 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1336461 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/90874 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/7"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/9"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: check \u0027read_queue_head\u0027 index val",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336461"
},
{
"name": "90874",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90874"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/7"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds read in megasas_lookup_frame() function",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/9"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH v2] scsi: megasas: check \u0027read_queue_head\u0027 index val",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1336461"
},
{
"name": "90874",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90874"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5107",
"datePublished": "2016-09-02T14:00:00",
"dateReserved": "2016-05-26T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6058
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1423358 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/02/17/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201704-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1037856 | vdb-entry, x_refsource_SECTRACK | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96277 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20170216 [PATCH 2/5] NetRxPkt: Fix memory corruption on VLAN header stripping",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423358"
},
{
"name": "[oss-security] 20170217 CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/17/2"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "1037856",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037856"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6"
},
{
"name": "96277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[qemu-devel] 20170216 [PATCH 2/5] NetRxPkt: Fix memory corruption on VLAN header stripping",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423358"
},
{
"name": "[oss-security] 20170217 CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/17/2"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "1037856",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037856"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6"
},
{
"name": "96277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20170216 [PATCH 2/5] NetRxPkt: Fix memory corruption on VLAN header stripping",
"refsource": "MLIST",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1423358",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423358"
},
{
"name": "[oss-security] 20170217 CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/17/2"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "1037856",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037856"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6"
},
{
"name": "96277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6058",
"datePublished": "2017-03-20T16:00:00",
"dateReserved": "2017-02-17T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7157
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92775 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/06/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/07/3 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=65a8e1f6413a0f6f79894da710b5d6d43361d27d | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92775",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92775"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"
},
{
"name": "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"
},
{
"name": "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=65a8e1f6413a0f6f79894da710b5d6d43361d27d"
},
{
"name": "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92775",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92775"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"
},
{
"name": "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"
},
{
"name": "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=65a8e1f6413a0f6f79894da710b5d6d43361d27d"
},
{
"name": "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92775"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[qemu-devel] 20160831 [PATCH 2/2] scsi: mptconfig: fix an assert expression",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html"
},
{
"name": "[oss-security] 20160906 CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/4"
},
{
"name": "[oss-security] 20160906 Re: CVE Request Qemu: scsi: mptsas: invalid memory access while building configuration pages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/3"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=65a8e1f6413a0f6f79894da710b5d6d43361d27d"
},
{
"name": "[qemu-devel] 20160831 [PATCH 1/2] scsi: mptconfig: fix format string",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7157",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-06T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0216
Vulnerability from cvelistv5
Published
2022-08-26 00:00
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://starlabs.sg/advisories/22/22-0216/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036953"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/972"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0216"
},
{
"name": "FEDORA-2022-4387579e67",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects QEMU \u003c v6.0.0, Fixed in v7.1.0-rc0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 - Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://starlabs.sg/advisories/22/22-0216/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036953"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/972"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-0216"
},
{
"name": "FEDORA-2022-4387579e67",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0216",
"datePublished": "2022-08-26T00:00:00",
"dateReserved": "2022-01-13T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15863
Vulnerability from cvelistv5
Published
2020-07-28 15:40
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/07/22/1 | x_refsource_CONFIRM | |
| https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555 | x_refsource_CONFIRM | |
| https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html | x_refsource_MISC | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.debian.org/security/2020/dsa-4760 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "openSUSE-SU-2020:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T19:06:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "openSUSE-SU-2020:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/07/22/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/07/22/1"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5519724a13664b43e225ca05351c60b4468e4555"
},
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "DSA-4760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "openSUSE-SU-2020:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15863",
"datePublished": "2020-07-28T15:40:29",
"dateReserved": "2020-07-21T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0297
Vulnerability from cvelistv5
Published
2010-02-12 19:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "[kvm] 20090721 Re: KVM crashes when using certain USB device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html"
},
{
"name": "[oss-security] 20100204 Re: KVM possible security issues fixed",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126527304127254\u0026w=2"
},
{
"name": "[kvm] 20090702 KVM crashes when using certain USB device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html"
},
{
"name": "RHSA-2010:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "kernel-usb-bo(56194)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56194"
},
{
"name": "[kvm] 20090721 Re: KVM crashes when using certain USB device",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=557025"
},
{
"name": "oval:org.mitre.oval:def:11786",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786"
},
{
"name": "[oss-security] 20100202 KVM possible security issues fixed",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=126510479211473\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.qemu.org/ChangeLog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38158"
},
{
"name": "[kvm] 20090721 Re: KVM crashes when using certain USB device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19581.html"
},
{
"name": "[oss-security] 20100204 Re: KVM possible security issues fixed",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126527304127254\u0026w=2"
},
{
"name": "[kvm] 20090702 KVM crashes when using certain USB device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg18447.html"
},
{
"name": "RHSA-2010:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0088.html"
},
{
"name": "kernel-usb-bo(56194)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56194"
},
{
"name": "[kvm] 20090721 Re: KVM crashes when using certain USB device",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/kvm%40vger.kernel.org/msg19596.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=557025"
},
{
"name": "oval:org.mitre.oval:def:11786",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11786"
},
{
"name": "[oss-security] 20100202 KVM possible security issues fixed",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=126510479211473\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=babd03fde68093482528010a5435c14ce9128e3f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.qemu.org/ChangeLog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0297",
"datePublished": "2010-02-12T19:00:00",
"dateReserved": "2010-01-12T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7466
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/19/8 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/20/3 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/93029 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160920 CVE Request Qemu: usb: xhci memory leakage during device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
},
{
"name": "[oss-security] 20160920 Re: CVE Request Qemu: usb: xhci memory leakage during device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "93029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93029"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e"
},
{
"name": "[qemu-devel] 20160913 [PATCH v2] usb:xhci:fix memory leak in usb_xhci_exit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160920 CVE Request Qemu: usb: xhci memory leakage during device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/19/8"
},
{
"name": "[oss-security] 20160920 Re: CVE Request Qemu: usb: xhci memory leakage during device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/20/3"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "93029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93029"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b53dd4495ced2432a0b652ea895e651d07336f7e"
},
{
"name": "[qemu-devel] 20160913 [PATCH v2] usb:xhci:fix memory leak in usb_xhci_exit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7466",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8504
Vulnerability from cvelistv5
Published
2017-04-11 19:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1289541 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/12/08/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/78708 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:42.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289541"
},
{
"name": "[oss-security] 20151208 Re: CVE request: Qemu: ui: vnc: avoid floating point exception",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "78708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289541"
},
{
"name": "[oss-security] 20151208 Re: CVE request: Qemu: ui: vnc: avoid floating point exception",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "78708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78708"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8504",
"datePublished": "2017-04-11T19:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-06T08:20:42.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11102
Vulnerability from cvelistv5
Published
2020-04-06 15:39
Modified
2024-08-04 11:21
Severity ?
EPSS score ?
Summary
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg08322.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/04/06/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2020/04/06/1 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202005-02 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg08322.html"
},
{
"name": "[oss-security] 20200406 CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/06/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/06/1"
},
{
"name": "GLSA-202005-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T00:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg08322.html"
},
{
"name": "[oss-security] 20200406 CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/06/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/06/1"
},
{
"name": "GLSA-202005-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg08322.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg08322.html"
},
{
"name": "[oss-security] 20200406 CVE-2020-11102 QEMU: tulip: OOB access in tulip_copy_tx_buffers",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/06/1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/04/06/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/04/06/1"
},
{
"name": "GLSA-202005-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11102",
"datePublished": "2020-04-06T15:39:56",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2894
Vulnerability from cvelistv5
Published
2014-04-23 14:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html"
},
{
"name": "USN-2182-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2182-1"
},
{
"name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html"
},
{
"name": "57945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57945"
},
{
"name": "[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/5"
},
{
"name": "RHSA-2014:0704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html"
},
{
"name": "[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/15/4"
},
{
"name": "66932",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66932"
},
{
"name": "58191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html"
},
{
"name": "USN-2182-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2182-1"
},
{
"name": "[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html"
},
{
"name": "57945",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57945"
},
{
"name": "[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/18/5"
},
{
"name": "RHSA-2014:0704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html"
},
{
"name": "[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/15/4"
},
{
"name": "66932",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66932"
},
{
"name": "58191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58191"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-2894",
"datePublished": "2014-04-23T14:00:00",
"dateReserved": "2014-04-17T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5338
Vulnerability from cvelistv5
Published
2016-06-14 14:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/06/08/14 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/91079 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/06/07/3 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html"
},
{
"name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/14"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "91079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91079"
},
{
"name": "[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/07/3"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160606 [Qemu-devel] [PATCH v3] scsi: esp: check TI buffer index before read/write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html"
},
{
"name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/14"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "91079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91079"
},
{
"name": "[oss-security] 20160607 CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/07/3"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5338",
"datePublished": "2016-06-14T14:00:00",
"dateReserved": "2016-06-08T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5730
Vulnerability from cvelistv5
Published
2007-10-30 22:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "RHSA-2008:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "qemu-net-socket-bo(38239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239"
},
{
"name": "42985",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42985"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "oval:org.mitre.oval:def:10000",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000"
},
{
"name": "29963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29963"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the \"net socket listen\" option, aka QEMU \"net socket\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the individual net socket listen vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "RHSA-2008:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "qemu-net-socket-bo(38239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239"
},
{
"name": "42985",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42985"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "oval:org.mitre.oval:def:10000",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000"
},
{
"name": "29963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29963"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the \"net socket listen\" option, aka QEMU \"net socket\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the individual net socket listen vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "RHSA-2008:0194",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "qemu-net-socket-bo(38239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239"
},
{
"name": "42985",
"refsource": "OSVDB",
"url": "http://osvdb.org/42985"
},
{
"name": "DSA-1284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "oval:org.mitre.oval:def:10000",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000"
},
{
"name": "29963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29963"
},
{
"name": "ADV-2007-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25095"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5730",
"datePublished": "2007-10-30T22:00:00",
"dateReserved": "2007-10-30T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4037
Vulnerability from cvelistv5
Published
2016-05-23 19:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160418 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "FEDORA-2016-35d7b09908",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"name": "[qemu-devel] 20160418 [PATCH 1/2] ehci: apply limit to itd/sidt descriptors",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html"
},
{
"name": "FEDORA-2016-75063477ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "86283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86283"
},
{
"name": "[qemu-devel] 20160418 Re: [PATCH 1/2] ehci: apply limit to itd/sidt descriptors",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160418 Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160418 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "FEDORA-2016-35d7b09908",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"name": "[qemu-devel] 20160418 [PATCH 1/2] ehci: apply limit to itd/sidt descriptors",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html"
},
{
"name": "FEDORA-2016-75063477ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "86283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86283"
},
{
"name": "[qemu-devel] 20160418 Re: [PATCH 1/2] ehci: apply limit to itd/sidt descriptors",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02734.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160418 Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4037",
"datePublished": "2016-05-23T19:00:00",
"dateReserved": "2016-04-18T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0146
Vulnerability from cvelistv5
Published
2017-08-10 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-0420.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2014-0421.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1078232 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-3044 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2014/03/26/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9"
},
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078232"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=11b128f4062dd7f89b14abc8877ff20d41b28be9"
},
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078232"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0146",
"datePublished": "2017-08-10T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8576
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/10/6 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2016/10/10/12 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/93469 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20161007 Re: [PATCH] usb: xHCI: add check to limit command TRB processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161010 CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/6"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161010 Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/12"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce"
},
{
"name": "93469",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93469"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20161007 Re: [PATCH] usb: xHCI: add check to limit command TRB processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161010 CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/6"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161010 Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/12"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce"
},
{
"name": "93469",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93469"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8576",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-10T00:00:00",
"dateUpdated": "2024-08-06T02:27:40.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8558
Vulnerability from cvelistv5
Published
2016-05-23 19:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/14/9 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2015/12/14/16 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/80694 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1277983 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151214 CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/9"
},
{
"name": "[qemu-devel] 20151214 [PATCH] ehci: make idt processing more robust",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html"
},
{
"name": "[oss-security] 20151214 Re: CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/16"
},
{
"name": "80694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80694"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151214 CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/9"
},
{
"name": "[qemu-devel] 20151214 [PATCH] ehci: make idt processing more robust",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02124.html"
},
{
"name": "[oss-security] 20151214 Re: CVE request Qemu: usb: infinite loop in ehci_advance_state results in DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/16"
},
{
"name": "80694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80694"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8558",
"datePublished": "2016-05-23T19:00:00",
"dateReserved": "2015-12-14T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5857
Vulnerability from cvelistv5
Published
2017-03-16 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1418382 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/02/02/16 | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95993 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/02/01/21 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382"
},
{
"name": "[oss-security] 20170202 Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798"
},
{
"name": "95993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95993"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170201 CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418382"
},
{
"name": "[oss-security] 20170202 Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798"
},
{
"name": "95993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95993"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170201 CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/21"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5857",
"datePublished": "2017-03-16T15:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5158
Vulnerability from cvelistv5
Published
2016-04-08 16:00
Modified
2024-08-06 06:32
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/76016 | vdb-entry, x_refsource_BID | |
| https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201510-02 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securitytracker.com/id/1033095 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "76016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76016"
},
{
"name": "[Qemu-devel] 20150722 [PATCH] scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-08T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "76016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76016"
},
{
"name": "[Qemu-devel] 20150722 [PATCH] scsi: fix buffer overflow in scsi_req_parse_cdb (CVE-2015-5158)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033095"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5158",
"datePublished": "2016-04-08T16:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4539
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f | x_refsource_CONFIRM | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4539",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5729
Vulnerability from cvelistv5
Published
2007-10-30 22:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "42986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42986"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "qemu-ne2000-code-execution(38238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 \"mtu\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the mtu overflow vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "42986",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42986"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "qemu-ne2000-code-execution(38238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 \"mtu\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the mtu overflow vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "42986",
"refsource": "OSVDB",
"url": "http://osvdb.org/42986"
},
{
"name": "DSA-1284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "qemu-ne2000-code-execution(38238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "ADV-2007-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25095"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5729",
"datePublished": "2007-10-30T22:00:00",
"dateReserved": "2007-10-30T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8309
Vulnerability from cvelistv5
Published
2017-05-23 03:56
Modified
2024-08-05 16:34
Severity ?
EPSS score ?
Summary
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/98302 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98302",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98302"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[qemu-devel] 20170428 [PATCH] audio: release capture buffers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98302",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98302"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[qemu-devel] 20170428 [PATCH] audio: release capture buffers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98302"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[qemu-devel] 20170428 [PATCH] audio: release capture buffers",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8309",
"datePublished": "2017-05-23T03:56:00",
"dateReserved": "2017-04-28T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5238
Vulnerability from cvelistv5
Published
2016-06-14 14:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/06/02/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/90995 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/06/02/9 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1341931 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:48.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160601 Re: [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html"
},
{
"name": "[qemu-devel] 20160531 [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html"
},
{
"name": "[oss-security] 20160602 CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/2"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "90995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90995"
},
{
"name": "[oss-security] 20160602 Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/9"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[qemu-devel] 20160601 Re: [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html"
},
{
"name": "[qemu-devel] 20160531 [Qemu-devel] [PATCH] scsi: check buffer length before reading scsi command",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05691.html"
},
{
"name": "[oss-security] 20160602 CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/2"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "90995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90995"
},
{
"name": "[oss-security] 20160602 Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/9"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341931"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5238",
"datePublished": "2016-06-14T14:00:00",
"dateReserved": "2016-06-02T00:00:00",
"dateUpdated": "2024-08-06T00:53:48.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7161
Vulnerability from cvelistv5
Published
2016-10-05 16:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/23/6 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/09/23/8 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93141 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160923 CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/23/6"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20160923 Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/23/8"
},
{
"name": "[qemu-devel] 20160809 [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160809 [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html"
},
{
"name": "93141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93141"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160923 CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/23/6"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20160923 Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/23/8"
},
{
"name": "[qemu-devel] 20160809 [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160809 [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html"
},
{
"name": "93141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93141"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a0d1cbdacff5df4ded16b753b38fdd9da6092968"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160923 CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/23/6"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20160923 Re: CVE request Qemu: hw: net: Fix a heap overflow in xlnx.xps-ethernetlite",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/23/8"
},
{
"name": "[qemu-devel] 20160809 [PULL 3/3] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01877.html"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160809 [PATCH] hw/net: Fix a heap overflow in xlnx.xps-ethernetlite",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01598.html"
},
{
"name": "93141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93141"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7161",
"datePublished": "2016-10-05T16:00:00",
"dateReserved": "2016-09-08T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9845
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/05/22 | mailing-list, x_refsource_MLIST | |
| https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94763 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/12/05/15 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161205 Re: CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/22"
},
{
"name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix information leak in getting capset info dispatch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94763"
},
{
"name": "[oss-security] 20161205 CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing \u0027VIRTIO_GPU_CMD_GET_CAPSET_INFO\u0027 command. A guest user/process could use this flaw to leak contents of the host memory bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161205 Re: CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/22"
},
{
"name": "[qemu-devel] 20161101 [PATCH] virtio-gpu: fix information leak in getting capset info dispatch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94763"
},
{
"name": "[oss-security] 20161205 CVE request: Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset_info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9845",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5973
Vulnerability from cvelistv5
Published
2017-03-27 15:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1421626 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201704-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/02/13/11 | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96220 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20170206 [PATCH] xhci: apply limits to loops",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421626"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[oss-security] 20170214 CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
},
{
"name": "96220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96220"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[qemu-devel] 20170206 [PATCH] xhci: apply limits to loops",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421626"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[oss-security] 20170214 CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
},
{
"name": "96220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96220"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20170206 [PATCH] xhci: apply limits to loops",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421626",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421626"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[oss-security] 20170214 CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/11"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b"
},
{
"name": "96220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96220"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5973",
"datePublished": "2017-03-27T15:00:00",
"dateReserved": "2017-02-13T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8578
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/10/14 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/10/8 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/93474 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:40.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161010 Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/14"
},
{
"name": "[oss-security] 20161010 CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/8"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93474"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160927 Re: [PATCH] 9pfs: make unmarshal V9fsString more robust",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161010 Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/14"
},
{
"name": "[oss-security] 20161010 CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/10/8"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93474"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160927 Re: [PATCH] 9pfs: make unmarshal V9fsString more robust",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8578",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-10T00:00:00",
"dateUpdated": "2024-08-06T02:27:40.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7471
Vulnerability from cvelistv5
Published
2018-07-09 14:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/97970 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/04/19/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "97970",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97970"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
},
{
"name": "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-10T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "97970",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97970"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
},
{
"name": "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7471",
"datePublished": "2018-07-09T14:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7423
Vulnerability from cvelistv5
Published
2016-10-10 16:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1376776 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92997 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/09/16/11 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/16/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776"
},
{
"name": "92997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92997"
},
{
"name": "[qemu-devel] 20160915 [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5"
},
{
"name": "[oss-security] 20160916 Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/11"
},
{
"name": "[oss-security] 20160916 CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376776"
},
{
"name": "92997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92997"
},
{
"name": "[qemu-devel] 20160915 [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5"
},
{
"name": "[oss-security] 20160916 Re: CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/11"
},
{
"name": "[oss-security] 20160916 CVE request Qemu: scsi: mptsas: OOB access when freeing MPTSASRequest object",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7423",
"datePublished": "2016-10-10T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9923
Vulnerability from cvelistv5
Published
2016-12-23 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/09/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/94827 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: char: use after free issue in char backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/2"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94827",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94827"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the \u0027chardev\u0027 backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: char: use after free issue in char backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/2"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94827",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9923",
"datePublished": "2016-12-23T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7421
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/92998 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/09/16/9 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d251157ac1928191af851d199a9ff255d330bec9 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/16/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160915 [PULL 07/17] scsi: pvscsi: limit process IO loop to ring size",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "92998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92998"
},
{
"name": "[oss-security] 20160916 Re: CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d251157ac1928191af851d199a9ff255d330bec9"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160916 CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160915 [PULL 07/17] scsi: pvscsi: limit process IO loop to ring size",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "92998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92998"
},
{
"name": "[oss-security] 20160916 Re: CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d251157ac1928191af851d199a9ff255d330bec9"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20160916 CVE Request: Qemu: scsi: pvscsi: infinite loop when processing IO requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7421",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6778
Vulnerability from cvelistv5
Published
2019-03-17 18:00
Modified
2024-08-04 20:31
Severity ?
EPSS score ?
Summary
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106758"
},
{
"name": "SUSE-SA-2019:0254-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1226",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:1883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1883"
},
{
"name": "RHSA-2019:1968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1968"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "openSUSE-SU-2019:2044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T05:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106758"
},
{
"name": "SUSE-SA-2019:0254-1",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1226",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:1883",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1883"
},
{
"name": "RHSA-2019:1968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1968"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "openSUSE-SU-2019:2044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106758"
},
{
"name": "SUSE-SA-2019:0254-1",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/01/24/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/5"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html"
},
{
"name": "FEDORA-2019-88a98ce795",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:1883",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1883"
},
{
"name": "RHSA-2019:1968",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1968"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "openSUSE-SU-2019:2044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
},
{
"name": "RHSA-2019:2892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "openSUSE-SU-2020:0468",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6778",
"datePublished": "2019-03-17T18:00:46",
"dateReserved": "2019-01-24T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10155
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95770 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/01/21/4 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/01/20/14 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95770",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95770"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/4"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/14"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95770",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95770"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/4"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/14"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95770"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/4"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/14"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10155",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-01-20T00:00:00",
"dateUpdated": "2024-08-06T03:14:42.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8909
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/24/4 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/24/1 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/93842 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "93842",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "93842",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93842"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8909",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-24T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10702
Vulnerability from cvelistv5
Published
2020-06-04 17:31
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702 | x_refsource_CONFIRM | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de0b1bae6461f67243282555475f88b2384a1eb9 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200724-0007/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The QEMU Project | qemu |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de0b1bae6461f67243282555475f88b2384a1eb9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "The QEMU Project",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-24T13:06:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de0b1bae6461f67243282555475f88b2384a1eb9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0007/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.0.0, \u003c 5.0.0"
}
]
}
}
]
},
"vendor_name": "The QEMU Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200724-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200724-0007/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10702",
"datePublished": "2020-06-04T17:31:05",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:06:11.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9776
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/02/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/02/8 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1400829 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94638 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161202 CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/3"
},
{
"name": "[oss-security] 20161202 Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400829"
},
{
"name": "94638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94638"
},
{
"name": "[qemu-devel] 20161130 [PATCH] net: mcf: check receive buffer size register value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in \u0027mcf_fec_receive\u0027. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161202 CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/3"
},
{
"name": "[oss-security] 20161202 Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400829"
},
{
"name": "94638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94638"
},
{
"name": "[qemu-devel] 20161130 [PATCH] net: mcf: check receive buffer size register value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9776",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4439
Vulnerability from cvelistv5
Published
2016-05-20 14:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/90760 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/19/3 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1337502 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "90760",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90760"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html"
},
{
"name": "[oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to \u0027s-\u003ecmdbuf\u0027 in esp_reg_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/19/3"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "90760",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90760"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html"
},
{
"name": "[oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to \u0027s-\u003ecmdbuf\u0027 in esp_reg_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/19/3"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337502"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4439",
"datePublished": "2016-05-20T14:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9101
Vulnerability from cvelistv5
Published
2016-12-09 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/30/5 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/27/14 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93957 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: net: eepro100 memory leakage at device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/5"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: net: eepro100 memory leakage at device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/27/14"
},
{
"name": "[qemu-devel] 20161013 [PATCH] eepro100: Fix memory leak and simplify code for VMStateDescription",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "93957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: net: eepro100 memory leakage at device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/5"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: net: eepro100 memory leakage at device unplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/27/14"
},
{
"name": "[qemu-devel] 20161013 [PATCH] eepro100: Fix memory leak and simplify code for VMStateDescription",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "93957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93957"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9101",
"datePublished": "2016-12-09T22:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15746
Vulnerability from cvelistv5
Published
2018-08-29 19:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/08/28/6 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:2425 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20180828 CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"
},
{
"name": "[qemu-devel] 20180822 [PATCH v4 4/4] seccomp: set the seccomp filter to all threads",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-09T03:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20180828 CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"
},
{
"name": "[qemu-devel] 20180822 [PATCH v4 4/4] seccomp: set the seccomp filter to all threads",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20180828 CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/28/6"
},
{
"name": "[qemu-devel] 20180822 [PATCH v4 4/4] seccomp: set the seccomp filter to all threads",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15746",
"datePublished": "2018-08-29T19:00:00",
"dateReserved": "2018-08-23T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7512
Vulnerability from cvelistv5
Published
2016-01-08 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:2694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
},
{
"name": "[oss-security] 20151130 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "78230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78230"
},
{
"name": "1034527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034527"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "RHSA-2015:2696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
},
{
"name": "RHSA-2015:2695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:2694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
},
{
"name": "[oss-security] 20151130 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "78230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78230"
},
{
"name": "1034527",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034527"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "RHSA-2015:2696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
},
{
"name": "RHSA-2015:2695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7512",
"datePublished": "2016-01-08T21:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2652
Vulnerability from cvelistv5
Published
2012-08-07 20:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/50132 | third-party-advisory, x_refsource_SECUNIA | |
| http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50689 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/53725 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html | vendor-advisory, x_refsource_SUSE | |
| http://www.ubuntu.com/usn/USN-1522-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2545 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "50689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50689"
},
{
"name": "53725",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53725"
},
{
"name": "SUSE-SU-2012:1202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"
},
{
"name": "USN-1522-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1522-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169"
},
{
"name": "DSA-2545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-26T14:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "50132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "50689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50689"
},
{
"name": "53725",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53725"
},
{
"name": "SUSE-SU-2012:1202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"
},
{
"name": "USN-1522-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1522-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commit%3Bh=eba25057b9a5e19d10ace2bc7716667a31297169"
},
{
"name": "DSA-2545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2545"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2652",
"datePublished": "2012-08-07T20:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2962
Vulnerability from cvelistv5
Published
2022-09-13 19:18
Modified
2024-08-22 03:55
Severity ?
EPSS score ?
Summary
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/qemu-project/qemu/-/issues/1171 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1171"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T03:55:11.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Will be fixed in QEMU 7.2.0-rc0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn\u0027t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-13T19:18:14",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1171"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "Will be fixed in QEMU 7.2.0-rc0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn\u0027t check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/qemu-project/qemu/-/issues/1171",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1171"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2962",
"datePublished": "2022-09-13T19:18:14",
"dateReserved": "2022-08-23T00:00:00",
"dateUpdated": "2024-08-22T03:55:11.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1922
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/16/1 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/01/16/6 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/81058 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1283934 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160116 CVE request Qemu: i386: null pointer dereference in vapic_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/16/1"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[oss-security] 20160116 Re: CVE request Qemu: i386: null pointer dereference in vapic_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/16/6"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "[qemu-devel] 20160115 [PULL] i386: avoid null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html"
},
{
"name": "81058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, \u0027current_cpu\u0027 remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160116 CVE request Qemu: i386: null pointer dereference in vapic_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/16/1"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[oss-security] 20160116 Re: CVE request Qemu: i386: null pointer dereference in vapic_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/16/6"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "[qemu-devel] 20160115 [PULL] i386: avoid null pointer dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html"
},
{
"name": "81058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283934"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1922",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-16T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20815
Vulnerability from cvelistv5
Published
2019-05-31 21:40
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:12:27.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17"
},
{
"name": "RHSA-2019:1667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1667"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "RHSA-2019:1723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1723"
},
{
"name": "RHSA-2019:1743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1743"
},
{
"name": "RHSA-2019:1881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1881"
},
{
"name": "RHSA-2019:1968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1968"
},
{
"name": "RHSA-2019:2507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2507"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"name": "DSA-4506",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T14:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17"
},
{
"name": "RHSA-2019:1667",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1667"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "RHSA-2019:1723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1723"
},
{
"name": "RHSA-2019:1743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1743"
},
{
"name": "RHSA-2019:1881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1881"
},
{
"name": "RHSA-2019:1968",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1968"
},
{
"name": "RHSA-2019:2507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2507"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"name": "DSA-4506",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17"
},
{
"name": "RHSA-2019:1667",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1667"
},
{
"name": "FEDORA-2019-52a8f5468e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "RHSA-2019:1723",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1723"
},
{
"name": "RHSA-2019:1743",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1743"
},
{
"name": "RHSA-2019:1881",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1881"
},
{
"name": "RHSA-2019:1968",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1968"
},
{
"name": "RHSA-2019:2507",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2507"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
},
{
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"name": "DSA-4506",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20815",
"datePublished": "2019-05-31T21:40:01",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-05T12:12:27.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5239
Vulnerability from cvelistv5
Published
2020-01-23 19:52
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/02/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.1.0"
}
]
}
],
"datePublic": "2015-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T18:48:53",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/02/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5239",
"datePublished": "2020-01-23T19:52:32",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4542
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3c3ce981423e0d6c18af82ee62f1850c2cda5976"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4542",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5578
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95781 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/01/23/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/01/25/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b"
},
{
"name": "95781",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95781"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/3"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b"
},
{
"name": "95781",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95781"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/23/3"
},
{
"name": "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/25/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5578",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-01-25T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13791
Vulnerability from cvelistv5
Published
2020-06-04 15:24
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2020/06/04/1 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200717-0001/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0001/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200717-0001/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/06/04/1",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/06/04/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200717-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200717-0001/"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13791",
"datePublished": "2020-06-04T15:24:53",
"dateReserved": "2020-06-03T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25723
Vulnerability from cvelistv5
Published
2020-12-02 00:52
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1898579 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201218-0004/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2020/12/22/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201218-0004/"
},
{
"name": "[oss-security] 20201222 CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201218-0004/"
},
{
"name": "[oss-security] 20201222 CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 5.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898579"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201218-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201218-0004/"
},
{
"name": "[oss-security] 20201222 CVE-2020-25723 QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/22/1"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25723",
"datePublished": "2020-12-02T00:52:10",
"dateReserved": "2020-09-16T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4526
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4526",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4530
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=d8d0a0bc7e194300e53a346d25fe5724fd588387 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=d8d0a0bc7e194300e53a346d25fe5724fd588387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=d8d0a0bc7e194300e53a346d25fe5724fd588387"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4530",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8818
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2671.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1300771 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-2706.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2016/03/01/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/03/01/10 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2016-2705.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2670.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-2704.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:22.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
},
{
"name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
},
{
"name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8818",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-03-01T00:00:00",
"dateUpdated": "2024-08-06T08:29:22.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0148
Vulnerability from cvelistv5
Published
2020-02-11 03:43
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0420.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2014-0421.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2014/03/26/8 | x_refsource_MISC | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1078212 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 2.0"
}
]
}
],
"datePublic": "2014-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like \u0027sectors_per_block\u0027 etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:46:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0148",
"datePublished": "2020-02-11T03:43:19",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35503
Vulnerability from cvelistv5
Published
2021-06-02 13:22
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1910346 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0008/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All QEMU versions before and including 6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:07:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1910346"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35503",
"datePublished": "2021-06-02T13:22:19",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5388
Vulnerability from cvelistv5
Published
2014-11-15 21:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html | mailing-list, x_refsource_MLIST | |
| http://seclists.org/oss-sec/2014/q3/438 | mailing-list, x_refsource_MLIST | |
| http://seclists.org/oss-sec/2014/q3/440 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1132956 | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2409-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-devel] 20140820 [PATCH v2] pcihp: fix possible array out of bounds",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html"
},
{
"name": "[oss-security] 20140822 CVE request Qemu: out of bounds memory access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/438"
},
{
"name": "[oss-security] 20140822 Re: CVE request Qemu: out of bounds memory access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1132956"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-devel] 20140820 [PATCH v2] pcihp: fix possible array out of bounds",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html"
},
{
"name": "[oss-security] 20140822 CVE request Qemu: out of bounds memory access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/438"
},
{
"name": "[oss-security] 20140822 Re: CVE request Qemu: out of bounds memory access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1132956"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-5388",
"datePublished": "2014-11-15T21:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7549
Vulnerability from cvelistv5
Published
2017-10-30 14:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/14/2 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/80761 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1291137 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151214 CVE-2015-7549 Qemu: pci: msi-x: null pointer dereference issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/2"
},
{
"name": "80761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80761"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291137"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "FEDORA-2016-e9bba2bb01",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151214 CVE-2015-7549 Qemu: pci: msi-x: null pointer dereference issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/14/2"
},
{
"name": "80761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80761"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291137"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "FEDORA-2016-e9bba2bb01",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7549",
"datePublished": "2017-10-30T14:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6835
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/11/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=93060258ae748573ca7197204125a2670047896d | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/08/18/4 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160810 Re: [PATCH] net: vmxnet: check IP header length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20160812 CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=93060258ae748573ca7197204125a2670047896d"
},
{
"name": "[oss-security] 20160817 Re: CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/4"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160810 Re: [PATCH] net: vmxnet: check IP header length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20160812 CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=93060258ae748573ca7197204125a2670047896d"
},
{
"name": "[oss-security] 20160817 Re: CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/4"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6835",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-08-17T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12928
Vulnerability from cvelistv5
Published
2019-06-24 10:06
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
References
| ▼ | URL | Tags |
|---|---|---|
| https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU\u0027s -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-02T15:30:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU\u0027s -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/",
"refsource": "MISC",
"url": "https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12928",
"datePublished": "2019-06-24T10:06:44",
"dateReserved": "2019-06-20T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13659
Vulnerability from cvelistv5
Published
2020-06-02 12:50
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/06/01/3 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200608-0007/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4728 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0007/"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0007/"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/06/01/3",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0007/"
},
{
"name": "DSA-4728",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13659",
"datePublished": "2020-06-02T12:50:44",
"dateReserved": "2020-05-28T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1945
Vulnerability from cvelistv5
Published
2008-08-08 19:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "qemu-image-security-bypass(44269)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44269"
},
{
"name": "32088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32088"
},
{
"name": "oval:org.mitre.oval:def:9905",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905"
},
{
"name": "32063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32063"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "30604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30604"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "RHSA-2008:0892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2008-0892.html"
},
{
"name": "1020959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020959"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "qemu-image-security-bypass(44269)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44269"
},
{
"name": "32088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32088"
},
{
"name": "oval:org.mitre.oval:def:9905",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905"
},
{
"name": "32063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32063"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "30604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30604"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "RHSA-2008:0892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2008-0892.html"
},
{
"name": "1020959",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020959"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35031"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1945",
"datePublished": "2008-08-08T19:00:00",
"dateReserved": "2008-04-24T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3607
Vulnerability from cvelistv5
Published
2022-02-24 18:50
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1973349 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220318-0002/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 6.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190-\u003eCWE-770-\u003e(CWE-125|CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:27",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973349"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 6.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190-\u003eCWE-770-\u003e(CWE-125|CWE-476)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973349",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973349"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220318-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3607",
"datePublished": "2022-02-24T18:50:19",
"dateReserved": "2021-06-17T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19489
Vulnerability from cvelistv5
Published
2018-12-13 19:00
Modified
2024-08-05 11:37
Severity ?
EPSS score ?
Summary
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181126 CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/26/1"
},
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "[qemu-devel] 20181122 9p: fix QEMU crash when renaming files",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2018-19489"
},
{
"name": "qemu-cve201819489-dos(153326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d20398694a3b67a388d955b7a945ba4aa90a8a8"
},
{
"name": "106007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106007"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T13:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181126 CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/26/1"
},
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "[qemu-devel] 20181122 9p: fix QEMU crash when renaming files",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2018-19489"
},
{
"name": "qemu-cve201819489-dos(153326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d20398694a3b67a388d955b7a945ba4aa90a8a8"
},
{
"name": "106007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106007"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181126 CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/11/26/1"
},
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "[qemu-devel] 20181122 9p: fix QEMU crash when renaming files",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2018-19489",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2018-19489"
},
{
"name": "qemu-cve201819489-dos(153326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153326"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8"
},
{
"name": "106007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106007"
},
{
"name": "FEDORA-2019-88a98ce795",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19489",
"datePublished": "2018-12-13T19:00:00",
"dateReserved": "2018-11-23T00:00:00",
"dateUpdated": "2024-08-05T11:37:11.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-6505
Vulnerability from cvelistv5
Published
2024-07-05 13:51
Modified
2024-11-13 14:27
Severity ?
EPSS score ?
Summary
Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-6505 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2295760 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-13T20:15:08.315330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T20:15:15.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:42.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6505"
},
{
"name": "RHBZ#2295760",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295760"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "unaffected",
"packageName": "qemu",
"versions": [
{
"lessThan": "9.1.0",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-07-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:27:00.253Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-6505"
},
{
"name": "RHBZ#2295760",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295760"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-04T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-07-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss",
"workarounds": [
{
"lang": "en",
"value": "A viable mitigation for this vulnerability is to disable RSS on the nic/virtio driver. \nThis can be performed either with the following qemu-kvm command \"-device virtio-net-pci,rss=off\", or, alternatively, by directly modifying the KVM XML file to disable RSS using a standard configuration tool (ex. libvirt)."
}
],
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-6505",
"datePublished": "2024-07-05T13:51:38.241Z",
"dateReserved": "2024-07-04T09:08:42.796Z",
"dateUpdated": "2024-11-13T14:27:00.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4534
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e | x_refsource_CONFIRM | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4534",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15469
Vulnerability from cvelistv5
Published
2020-07-02 19:25
Modified
2024-08-04 13:15
Severity ?
EPSS score ?
Summary
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/07/02/1 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:20.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/02/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/02/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/07/02/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/07/02/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15469",
"datePublished": "2020-07-02T19:25:42",
"dateReserved": "2020-07-01T00:00:00",
"dateUpdated": "2024-08-04T13:15:20.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3689
Vulnerability from cvelistv5
Published
2014-11-14 15:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/62144 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/62143 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2014/dsa-3067 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2409-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://secunia.com/advisories/60923 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2014/dsa-3066 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.osvdb.org/114397 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62144"
},
{
"name": "62143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62143"
},
{
"name": "DSA-3067",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3067"
},
{
"name": "[Qemu-devel] 20141015 [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"name": "60923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60923"
},
{
"name": "DSA-3066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3066"
},
{
"name": "114397",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/114397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-14T14:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "62144",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62144"
},
{
"name": "62143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62143"
},
{
"name": "DSA-3067",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3067"
},
{
"name": "[Qemu-devel] 20141015 [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
},
{
"name": "60923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60923"
},
{
"name": "DSA-3066",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3066"
},
{
"name": "114397",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/114397"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3689",
"datePublished": "2014-11-14T15:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3515
Vulnerability from cvelistv5
Published
2012-11-23 20:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55082"
},
{
"name": "50528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50528"
},
{
"name": "RHSA-2012:1234",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1234.html"
},
{
"name": "50530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "51413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51413"
},
{
"name": "GLSA-201309-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "50689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50689"
},
{
"name": "DSA-2543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2543"
},
{
"name": "SUSE-SU-2012:1135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name": "50632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50632"
},
{
"name": "RHSA-2012:1325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1325.html"
},
{
"name": "RHSA-2012:1236",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1236.html"
},
{
"name": "SUSE-SU-2012:1205",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html"
},
{
"name": "SUSE-SU-2012:1202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"
},
{
"name": "50913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50913"
},
{
"name": "openSUSE-SU-2012:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "50472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50472"
},
{
"name": "openSUSE-SU-2012:1170",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html"
},
{
"name": "USN-1590-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1590-1"
},
{
"name": "RHSA-2012:1262",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1262.html"
},
{
"name": "openSUSE-SU-2012:1153",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability"
},
{
"name": "SUSE-SU-2012:1203",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html"
},
{
"name": "55413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55413"
},
{
"name": "SUSE-SU-2012:1162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
},
{
"name": "openSUSE-SU-2012:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name": "SUSE-SU-2012:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2012:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1233.html"
},
{
"name": "SUSE-SU-2012:1132",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX134708"
},
{
"name": "DSA-2545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2545"
},
{
"name": "SUSE-SU-2012:1129",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html"
},
{
"name": "[Xen-announce] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html"
},
{
"name": "SUSE-SU-2012:1133",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
},
{
"name": "RHSA-2012:1235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1235.html"
},
{
"name": "openSUSE-SU-2012:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "[oss-security] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/10"
},
{
"name": "openSUSE-SU-2012:1172",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name": "50860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model\u0027s address space.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55082"
},
{
"name": "50528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50528"
},
{
"name": "RHSA-2012:1234",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1234.html"
},
{
"name": "50530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "51413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51413"
},
{
"name": "GLSA-201309-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "50689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50689"
},
{
"name": "DSA-2543",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2543"
},
{
"name": "SUSE-SU-2012:1135",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name": "50632",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50632"
},
{
"name": "RHSA-2012:1325",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1325.html"
},
{
"name": "RHSA-2012:1236",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1236.html"
},
{
"name": "SUSE-SU-2012:1205",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html"
},
{
"name": "SUSE-SU-2012:1202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html"
},
{
"name": "50913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50913"
},
{
"name": "openSUSE-SU-2012:1572",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "50472",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50472"
},
{
"name": "openSUSE-SU-2012:1170",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html"
},
{
"name": "USN-1590-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1590-1"
},
{
"name": "RHSA-2012:1262",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1262.html"
},
{
"name": "openSUSE-SU-2012:1153",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability"
},
{
"name": "SUSE-SU-2012:1203",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html"
},
{
"name": "55413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55413"
},
{
"name": "SUSE-SU-2012:1162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
},
{
"name": "openSUSE-SU-2012:1174",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name": "SUSE-SU-2012:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2012:1233",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1233.html"
},
{
"name": "SUSE-SU-2012:1132",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX134708"
},
{
"name": "DSA-2545",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2545"
},
{
"name": "SUSE-SU-2012:1129",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html"
},
{
"name": "[Xen-announce] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html"
},
{
"name": "SUSE-SU-2012:1133",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
},
{
"name": "RHSA-2012:1235",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1235.html"
},
{
"name": "openSUSE-SU-2012:1573",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "[oss-security] 20120905 Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/10"
},
{
"name": "openSUSE-SU-2012:1172",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name": "50860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50860"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3515",
"datePublished": "2012-11-23T20:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5714
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 11:04
Severity ?
EPSS score ?
Summary
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:04:44.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
},
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "qemu-monitor-weak-security(47683)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
},
{
"name": "[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966"
},
{
"name": "33020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33020"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
},
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "qemu-monitor-weak-security(47683)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
},
{
"name": "[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966"
},
{
"name": "33020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33020"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
},
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "qemu-monitor-weak-security(47683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
},
{
"name": "[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966"
},
{
"name": "33020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33020"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5714",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-12-24T00:00:00",
"dateUpdated": "2024-08-07T11:04:44.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9102
Vulnerability from cvelistv5
Published
2016-12-09 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/93962 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/27/15 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/10/30/6 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "93962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93962"
},
{
"name": "[qemu-devel] 20161010 Re: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: memory leakage when creating extended attribute",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/27/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/6"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "93962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93962"
},
{
"name": "[qemu-devel] 20161010 Re: [PATCH] 9pfs: fix memory leak in v9fs_xattrcreate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: memory leakage when creating extended attribute",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/27/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff55e94d23ae94c8628b0115320157c763eb3e06"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/6"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9102",
"datePublished": "2016-12-09T22:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9916
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94729 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/12/06/11 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/08/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9916",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5856
Vulnerability from cvelistv5
Published
2017-03-16 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/01/19 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/95999 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1418342 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/02/02/14 | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170201 CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/19"
},
{
"name": "95999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95999"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170202 Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20170201 CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/19"
},
{
"name": "95999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95999"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418342"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "[oss-security] 20170202 Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5856",
"datePublished": "2017-03-16T15:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4375
Vulnerability from cvelistv5
Published
2014-01-19 18:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-201407-03.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-2092-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2013/10/10/14 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html"
},
{
"name": "GLSA-201407-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "USN-2092-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name": "[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html"
},
{
"name": "GLSA-201407-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "USN-2092-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name": "[oss-security] 20131010 Xen Security Advisory 71 (CVE-2013-4375) - qemu disk backend (qdisk) resource leak",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4375",
"datePublished": "2014-01-19T18:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-17963
Vulnerability from cvelistv5
Published
2018-10-09 22:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/10/08/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4338 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:2166 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2425 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2553 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html"
},
{
"name": "RHSA-2019:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T04:32:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html"
},
{
"name": "RHSA-2019:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "DSA-4338",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg06054.html"
},
{
"name": "RHSA-2019:2166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17963",
"datePublished": "2018-10-09T22:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0223
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/67391 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2014/dsa-3044 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67391",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67391"
},
{
"name": "[Qemu-devel] 20140512 [PATCH 4/5] qcow1: Validate image size (CVE-2014-0223)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html"
},
{
"name": "SUSE-SU-2015:0929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "FEDORA-2014-6970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "67391",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67391"
},
{
"name": "[Qemu-devel] 20140512 [PATCH 4/5] qcow1: Validate image size (CVE-2014-0223)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html"
},
{
"name": "SUSE-SU-2015:0929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "FEDORA-2014-6970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0223",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5126
Vulnerability from cvelistv5
Published
2016-06-01 22:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:47.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "RHSA-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html"
},
{
"name": "[oss-security] 20160530 CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/6"
},
{
"name": "RHSA-2016:1763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "90948",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90948"
},
{
"name": "RHSA-2016:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196"
},
{
"name": "RHSA-2016:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html"
},
{
"name": "RHSA-2016:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "RHSA-2016:1606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html"
},
{
"name": "[oss-security] 20160530 Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/7"
},
{
"name": "[qemu-block] 20160524 [Qemu-block] [PATCH] block/iscsi: avoid potential overflow of acb-\u003etask-\u003ecdb",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340924"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T10:06:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "RHSA-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html"
},
{
"name": "[oss-security] 20160530 CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/6"
},
{
"name": "RHSA-2016:1763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "90948",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90948"
},
{
"name": "RHSA-2016:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a6b3167fa0e825aebb5a7cd8b437b6d41584a196"
},
{
"name": "RHSA-2016:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html"
},
{
"name": "RHSA-2016:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "RHSA-2016:1606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html"
},
{
"name": "[oss-security] 20160530 Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/30/7"
},
{
"name": "[qemu-block] 20160524 [Qemu-block] [PATCH] block/iscsi: avoid potential overflow of acb-\u003etask-\u003ecdb",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340924"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5126",
"datePublished": "2016-06-01T22:00:00",
"dateReserved": "2016-05-30T00:00:00",
"dateUpdated": "2024-08-06T00:53:47.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4533
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=caa881abe0e01f9931125a0977ec33c5343e4aa7 | x_refsource_CONFIRM | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=caa881abe0e01f9931125a0977ec33c5343e4aa7"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s-\u003erx_level value in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=caa881abe0e01f9931125a0977ec33c5343e4aa7"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4533",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4541
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f8e9895c504149d7048e9fc5eb5cbb34b16e49a"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4541",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3750
Vulnerability from cvelistv5
Published
2022-05-02 18:48
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1999073 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/issues/541 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/issues/556 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220624-0003/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/556"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QEMU before version 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller\u0027s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:09:23",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/556"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220624-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3750",
"datePublished": "2022-05-02T18:48:12",
"dateReserved": "2021-08-30T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20125
Vulnerability from cvelistv5
Published
2018-12-20 21:00
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/12/19/3 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/106298 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181219 CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/3"
},
{
"name": "106298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106298"
},
{
"name": "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-27T13:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181219 CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/3"
},
{
"name": "106298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106298"
},
{
"name": "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181219 CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/3"
},
{
"name": "106298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106298"
},
{
"name": "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20125",
"datePublished": "2018-12-20T21:00:00",
"dateReserved": "2018-12-13T00:00:00",
"dateUpdated": "2024-08-05T11:51:19.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8086
Vulnerability from cvelistv5
Published
2017-05-02 14:00
Modified
2024-08-05 16:27
Severity ?
EPSS score ?
Summary
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/04/25/5 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1444781 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/98012 | vdb-entry, x_refsource_BID | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:21.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20170425 CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/25/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444781"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[qemu-devel] 20170410 [PULL] 9pfs: xattr: fix memory leak in v9fs_list_xattr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html"
},
{
"name": "98012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98012"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20170425 CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/25/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444781"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[qemu-devel] 20170410 [PULL] 9pfs: xattr: fix memory leak in v9fs_list_xattr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html"
},
{
"name": "98012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98012"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170425 CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/25/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1444781",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444781"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[qemu-devel] 20170410 [PULL] 9pfs: xattr: fix memory leak in v9fs_list_xattr",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html"
},
{
"name": "98012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98012"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8086",
"datePublished": "2017-05-02T14:00:00",
"dateReserved": "2017-04-24T00:00:00",
"dateUpdated": "2024-08-05T16:27:21.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16845
Vulnerability from cvelistv5
Published
2017-11-17 20:00
Modified
2024-08-05 20:35
Severity ?
EPSS score ?
Summary
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3649-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/101923 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[qemu-devel] 20171116 [PATCH v2] ps2: check PS2Queue indices in post_load routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/input/ps2.c in Qemu does not validate \u0027rptr\u0027 and \u0027count\u0027 values during guest migration, leading to out-of-bounds access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3649-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[qemu-devel] 20171116 [PATCH v2] ps2: check PS2Queue indices in post_load routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/input/ps2.c in Qemu does not validate \u0027rptr\u0027 and \u0027count\u0027 values during guest migration, leading to out-of-bounds access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3649-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[qemu-devel] 20171116 [PATCH v2] ps2: check PS2Queue indices in post_load routine",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16845",
"datePublished": "2017-11-17T20:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T20:35:21.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3392
Vulnerability from cvelistv5
Published
2021-03-23 19:07
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1924042 | x_refsource_MISC | |
| https://bugs.launchpad.net/qemu/+bug/1914236 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210507-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1914236"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0001/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "between 2.10.0 and 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object \u0027req\u0027 from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:15",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924042"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1914236"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0001/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "between 2.10.0 and 5.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object \u0027req\u0027 from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1924042",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924042"
},
{
"name": "https://bugs.launchpad.net/qemu/+bug/1914236",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/qemu/+bug/1914236"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210507-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210507-0001/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3392",
"datePublished": "2021-03-23T19:07:17",
"dateReserved": "2021-02-02T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4001
Vulnerability from cvelistv5
Published
2016-05-23 19:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:29.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160408 [PATCH v3] net: stellaris_enet: check packet length against receive buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html"
},
{
"name": "[oss-security] 20160411 CVE request: Qemu: net: buffer overflow in stellaris_enet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/4"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "[oss-security] 20160412 Re: CVE request: Qemu: net: buffer overflow in stellaris_enet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/6"
},
{
"name": "85976",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85976"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "FEDORA-2016-35d7b09908",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66"
},
{
"name": "FEDORA-2016-75063477ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160408 [PATCH v3] net: stellaris_enet: check packet length against receive buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html"
},
{
"name": "[oss-security] 20160411 CVE request: Qemu: net: buffer overflow in stellaris_enet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/4"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "[oss-security] 20160412 Re: CVE request: Qemu: net: buffer overflow in stellaris_enet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/6"
},
{
"name": "85976",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85976"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "FEDORA-2016-35d7b09908",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66"
},
{
"name": "FEDORA-2016-75063477ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4001",
"datePublished": "2016-05-23T19:00:00",
"dateReserved": "2016-04-12T00:00:00",
"dateUpdated": "2024-08-06T00:17:29.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15890
Vulnerability from cvelistv5
Published
2019-09-06 16:55
Modified
2024-08-05 01:03
Severity ?
EPSS score ?
Summary
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2019/09/06/3 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4191-2/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4191-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://seclists.org/bugtraq/2020/Feb/0 | mailing-list, x_refsource_BUGTRAQ | |
| https://www.debian.org/security/2020/dsa-4616 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2020:0775 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:03:31.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/0"
},
{
"name": "DSA-4616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4616"
},
{
"name": "RHSA-2020:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T11:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/0"
},
{
"name": "DSA-4616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4616"
},
{
"name": "RHSA-2020:0775",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/09/06/3",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2019/09/06/3"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "20200203 [SECURITY] [DSA 4616-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/0"
},
{
"name": "DSA-4616",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4616"
},
{
"name": "RHSA-2020:0775",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15890",
"datePublished": "2019-09-06T16:55:12",
"dateReserved": "2019-09-03T00:00:00",
"dateUpdated": "2024-08-05T01:03:31.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9105
Vulnerability from cvelistv5
Published
2016-12-09 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93965 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/28/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/30/9 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93965"
},
{
"name": "[qemu-devel] 20161012 Re: [PATCH] 9pfs: fix memory leak in v9fs_link",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: memory leakage in v9fs_link",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/3"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: memory leakage in v9fs_link",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93965"
},
{
"name": "[qemu-devel] 20161012 Re: [PATCH] 9pfs: fix memory leak in v9fs_link",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4c1586787ff43c9acd18a56c12d720e3e6be9f7c"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: memory leakage in v9fs_link",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/3"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: memory leakage in v9fs_link",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9105",
"datePublished": "2016-12-09T22:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5931
Vulnerability from cvelistv5
Published
2017-03-27 15:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/96141 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/02/08/2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1420092 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:48.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20170110 [PULL 03/41] virtio-crypto: fix possible integer and heap overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html"
},
{
"name": "96141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96141"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/08/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20170110 [PULL 03/41] virtio-crypto: fix possible integer and heap overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html"
},
{
"name": "96141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96141"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/08/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420092"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5931",
"datePublished": "2017-03-27T15:00:00",
"dateReserved": "2017-02-07T00:00:00",
"dateUpdated": "2024-08-05T15:18:48.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0147
Vulnerability from cvelistv5
Published
2020-02-11 03:30
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1078848 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1086717 | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2014-0420.html | x_refsource_MISC | |
| http://rhn.redhat.com/errata/RHSA-2014-0421.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2014/03/26/8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086717"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 1.6.2"
}
]
}
],
"datePublic": "2014-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:46:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086717"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0147",
"datePublished": "2020-02-11T03:30:50",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16847
Vulnerability from cvelistv5
Published
2018-11-02 22:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847 | x_refsource_CONFIRM | |
| https://www.openwall.com/lists/oss-security/2018/11/02/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html | x_refsource_MISC | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/105866 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847"
},
{
"name": "[oss-security] 20181102 CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/11/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "105866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105866"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU:",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847"
},
{
"name": "[oss-security] 20181102 CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/11/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "105866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105866"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16847",
"datePublished": "2018-11-02T22:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18030
Vulnerability from cvelistv5
Published
2018-01-23 18:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2018/01/15/3 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/102520 | vdb-entry, x_refsource_BID | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:50.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20180115 CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/01/15/3"
},
{
"name": "102520",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102520"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20180115 CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/01/15/3"
},
{
"name": "102520",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102520"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20180115 CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/01/15/3"
},
{
"name": "102520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102520"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18030",
"datePublished": "2018-01-23T18:00:00",
"dateReserved": "2018-01-13T00:00:00",
"dateUpdated": "2024-08-05T21:06:50.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7908
Vulnerability from cvelistv5
Published
2016-10-05 16:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/03/2 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=070c4b92b8cd5390889716677a0b92444d6e087a | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/93273 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/03/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:20.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161003 CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/2"
},
{
"name": "[qemu-devel] 20160922 [PATCH v2] net: mcf: limit buffer descriptor count",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=070c4b92b8cd5390889716677a0b92444d6e087a"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93273"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20161003 Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161003 CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/2"
},
{
"name": "[qemu-devel] 20160922 [PATCH v2] net: mcf: limit buffer descriptor count",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=070c4b92b8cd5390889716677a0b92444d6e087a"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93273"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[oss-security] 20161003 Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7908",
"datePublished": "2016-10-05T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:20.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3545
Vulnerability from cvelistv5
Published
2021-06-02 13:30
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/05/31/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1958955 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0008/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4980 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:06.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All QEMU versions up to and including 6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908-\u003eCWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:12:52",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3545",
"datePublished": "2021-06-02T13:30:27",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T17:01:06.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8556
Vulnerability from cvelistv5
Published
2017-03-24 14:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/39010/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39010/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-24T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39010",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39010/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39010",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39010/"
},
{
"name": "http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8556",
"datePublished": "2017-03-24T14:00:00",
"dateReserved": "2015-12-14T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18954
Vulnerability from cvelistv5
Published
2018-11-15 20:00
Modified
2024-08-05 11:23
Severity ?
EPSS score ?
Summary
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2018/11/06/6 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/105920 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2019/dsa-4454 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/May/76 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181107 CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/06/6"
},
{
"name": "105920",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105920"
},
{
"name": "[Qemu-devel] 20181103 [PATCH v2] ppc/pnv: check size before data buffer access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T13:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181107 CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/11/06/6"
},
{
"name": "105920",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105920"
},
{
"name": "[Qemu-devel] 20181103 [PATCH v2] ppc/pnv: check size before data buffer access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181107 CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/11/06/6"
},
{
"name": "105920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105920"
},
{
"name": "[Qemu-devel] 20181103 [PATCH v2] ppc/pnv: check size before data buffer access",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00446.html"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18954",
"datePublished": "2018-11-15T20:00:00",
"dateReserved": "2018-11-05T00:00:00",
"dateUpdated": "2024-08-05T11:23:08.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12247
Vulnerability from cvelistv5
Published
2019-05-22 14:22
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108434 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-12247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T20:31:29.906392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T20:31:39.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:39.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html"
},
{
"name": "108434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108434"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-30T14:52:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html"
},
{
"name": "108434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108434"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html"
},
{
"name": "108434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108434"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12247",
"datePublished": "2019-05-22T14:22:54",
"dateReserved": "2019-05-21T00:00:00",
"dateUpdated": "2024-08-04T23:17:39.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7156
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/06/3 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/09/07/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/92774 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160906 [PATCH v3] scsi: pvscsi: avoid infinite loop while building SG list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/3"
},
{
"name": "[qemu-devel] 20160906 [PATCH v2] scsi: pvscsi: check request descriptor SG element count",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html"
},
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/2"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "92774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[qemu-devel] 20160906 [PATCH v3] scsi: pvscsi: avoid infinite loop while building SG list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/3"
},
{
"name": "[qemu-devel] 20160906 [PATCH v2] scsi: pvscsi: check request descriptor SG element count",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html"
},
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/2"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "92774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20160906 [PATCH v3] scsi: pvscsi: avoid infinite loop while building SG list",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/3"
},
{
"name": "[qemu-devel] 20160906 [PATCH v2] scsi: pvscsi: check request descriptor SG element count",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html"
},
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/2"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "92774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7156",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-09-06T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4536
Vulnerability from cvelistv5
Published
2021-05-28 16:58
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1066401 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210727-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 1.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T15:06:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 1.5.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066401"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4536",
"datePublished": "2021-05-28T16:58:49",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0142
Vulnerability from cvelistv5
Published
2017-08-10 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0420.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2014-0421.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1078201 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-3044 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078201"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078201"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0142",
"datePublished": "2017-08-10T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5278
Vulnerability from cvelistv5
Published
2020-01-23 19:40
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html | x_refsource_MISC | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-2745-1 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/09/15/2 | x_refsource_MISC | |
| https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0.1"
}
]
}
],
"datePublic": "2015-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:03:31",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5278",
"datePublished": "2020-01-23T19:40:18",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8668
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/15/9 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/14/8 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/93566 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/9"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: net: OOB buffer access in rocker switch emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/8"
},
{
"name": "[qemu-devel] 20161012 [PATCH] net: rocker: set limit to DMA buffer size",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93566"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/9"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: net: OOB buffer access in rocker switch emulation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/8"
},
{
"name": "[qemu-devel] 20161012 [PATCH] net: rocker: set limit to DMA buffer size",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "93566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93566"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8668",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-15T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4553
Vulnerability from cvelistv5
Published
2008-10-15 19:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2008/dsa-1657 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-list, x_refsource_MLIST | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44831 | vdb-entry, x_refsource_XF | |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM | |
| https://bugs.gentoo.org/show_bug.cgi?id=235826 | x_refsource_CONFIRM | |
| http://uvw.ru/report.lenny.txt | x_refsource_MISC | |
| http://secunia.com/advisories/32335 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2008/10/13/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2008/10/14/4 | mailing-list, x_refsource_MLIST | |
| http://dev.gentoo.org/~rbu/security/debiantemp/qemu | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/30931 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1657"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394"
},
{
"name": "qemu-qemumakedebianroot-symlink(44831)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44831"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235826"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "32335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32335"
},
{
"name": "[oss-security] 20081013 CVE id request: qemu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/13/2"
},
{
"name": "[oss-security] 20081014 Re: CVE id request: qemu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/14/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/qemu"
},
{
"name": "30931",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1657",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1657"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394"
},
{
"name": "qemu-qemumakedebianroot-symlink(44831)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44831"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235826"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "32335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32335"
},
{
"name": "[oss-security] 20081013 CVE id request: qemu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/13/2"
},
{
"name": "[oss-security] 20081014 Re: CVE id request: qemu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/14/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/qemu"
},
{
"name": "30931",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1657",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1657"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394"
},
{
"name": "qemu-qemumakedebianroot-symlink(44831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44831"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235826",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235826"
},
{
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "32335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32335"
},
{
"name": "[oss-security] 20081013 CVE id request: qemu",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/13/2"
},
{
"name": "[oss-security] 20081014 Re: CVE id request: qemu",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/14/4"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/qemu",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/qemu"
},
{
"name": "30931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4553",
"datePublished": "2008-10-15T19:00:00",
"dateReserved": "2008-10-14T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9911
Vulnerability from cvelistv5
Published
2016-12-23 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94762 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2016/12/08/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94762"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in \u0027ehci_init_transfer\u0027. A guest user/process could use this issue to leak host memory, resulting in DoS for a host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94762"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9911",
"datePublished": "2016-12-23T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9907
Vulnerability from cvelistv5
Published
2016-12-23 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94759 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/08/3 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94759",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94759"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: usb: redirector: memory leakage when destroying",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/3"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in \u0027usbredir_handle_destroy\u0027. A guest user/process could use this issue to leak host memory, resulting in DoS for a host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "94759",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94759"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: usb: redirector: memory leakage when destroying",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/3"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9907",
"datePublished": "2016-12-23T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4377
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1012633 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/55015 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/USN-2092-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2013/09/26/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:02.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"
},
{
"name": "55015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55015"
},
{
"name": "USN-2092-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name": "[oss-security] 20130926 Re: CVE request: qemu host crash from within guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by \"hot-unplugging\" a virtio device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-03T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-devel] 20130920 [PATCH 11/11] virtio-pci: add device_unplugged callback",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2013-09/msg03347.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1012633"
},
{
"name": "55015",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55015"
},
{
"name": "USN-2092-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2092-1"
},
{
"name": "[oss-security] 20130926 Re: CVE request: qemu host crash from within guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/09/26/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4377",
"datePublished": "2013-10-11T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:02.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7211
Vulnerability from cvelistv5
Published
2020-01-21 16:12
Modified
2024-08-04 09:25
Severity ?
EPSS score ?
Summary
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/01/17/2 | x_refsource_CONFIRM | |
| https://security-tracker.debian.org/tracker/CVE-2020-7211 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/17/2"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2020-7211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T16:12:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/17/2"
},
{
"name": "Debian",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2020-7211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-7211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/01/17/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/01/17/2"
},
{
"name": "Debian",
"refsource": "DEBIAN",
"url": "https://security-tracker.debian.org/tracker/CVE-2020-7211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-7211",
"datePublished": "2020-01-21T16:12:33",
"dateReserved": "2020-01-16T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9915
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/94729 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/06/11 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/08/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9915",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2630
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/96265 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201704-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/02/15/2 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1422415 | x_refsource_CONFIRM | |
| https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "96265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96265"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
},
{
"name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu:",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.9"
}
]
}
],
"datePublic": "2017-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server\u0027s response to a \u0027NBD_OPT_LIST\u0027 request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T12:55:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "96265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96265"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
},
{
"name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu:",
"version": {
"version_data": [
{
"version_value": "2.9"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server\u0027s response to a \u0027NBD_OPT_LIST\u0027 request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.6/AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "96265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96265"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "[oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/2"
},
{
"name": "[qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422415"
},
{
"name": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2630",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:07.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1321
Vulnerability from cvelistv5
Published
2007-10-30 22:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "FEDORA-2007-2270",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
},
{
"name": "27047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27047"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "1018761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018761"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35495"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "FEDORA-2007-2708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
},
{
"name": "27103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27103"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "RHSA-2007:0323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "27072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27072"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
},
{
"name": "FEDORA-2007-713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
},
{
"name": "oval:org.mitre.oval:def:9302",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "FEDORA-2007-2270",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
},
{
"name": "27047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27047"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "1018761",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018761"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35495"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "FEDORA-2007-2708",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
},
{
"name": "27103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27103"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "RHSA-2007:0323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "27072",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27072"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
},
{
"name": "FEDORA-2007-713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
},
{
"name": "oval:org.mitre.oval:def:9302",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "FEDORA-2007-2270",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
},
{
"name": "27047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27047"
},
{
"name": "DSA-1284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "1018761",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018761"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35495",
"refsource": "OSVDB",
"url": "http://osvdb.org/35495"
},
{
"name": "ADV-2007-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "FEDORA-2007-2708",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
},
{
"name": "27103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27103"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "RHSA-2007:0323",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
},
{
"name": "25095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25095"
},
{
"name": "27072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27072"
},
{
"name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
},
{
"name": "FEDORA-2007-713",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
},
{
"name": "oval:org.mitre.oval:def:9302",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1321",
"datePublished": "2007-10-30T22:00:00",
"dateReserved": "2007-03-07T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15119
Vulnerability from cvelistv5
Published
2018-07-27 16:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2017/11/28/9 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102011 | vdb-entry, x_refsource_BID | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:1113 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11"
}
]
}
],
"datePublic": "2017-11-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "2.11"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/28/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15119",
"datePublished": "2018-07-27T16:00:00",
"dateReserved": "2017-10-08T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3616
Vulnerability from cvelistv5
Published
2009-10-23 18:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=501131 | x_refsource_CONFIRM | |
| http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2009/10/16/8 | mailing-list, x_refsource_MLIST | |
| http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5 | x_refsource_CONFIRM | |
| http://marc.info/?l=qemu-devel&m=124324043812915 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=508567 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36716 | vdb-entry, x_refsource_BID | |
| http://rhn.redhat.com/errata/RHEA-2009-1272.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2009/10/16/5 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=505641 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=501131"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331"
},
{
"name": "[oss-security] 20091016 Re: QEMU VNC use-after-free",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5"
},
{
"name": "[qemu-devel] 20090525 Re: [STABLE] [BUG] VNC mode can crash QEMU",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=qemu-devel\u0026m=124324043812915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=508567"
},
{
"name": "36716",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHEA-2009-1272.html"
},
{
"name": "[oss-security] 20091016 QEMU VNC use-after-free",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=505641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-01T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=501131"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331"
},
{
"name": "[oss-security] 20091016 Re: QEMU VNC use-after-free",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5"
},
{
"name": "[qemu-devel] 20090525 Re: [STABLE] [BUG] VNC mode can crash QEMU",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=qemu-devel\u0026m=124324043812915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=508567"
},
{
"name": "36716",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rhn.redhat.com/errata/RHEA-2009-1272.html"
},
{
"name": "[oss-security] 20091016 QEMU VNC use-after-free",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=505641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=501131",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=501131"
},
{
"name": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=753b405331"
},
{
"name": "[oss-security] 20091016 Re: QEMU VNC use-after-free",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/8"
},
{
"name": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/qemu.git/commit/?id=198a0039c5"
},
{
"name": "[qemu-devel] 20090525 Re: [STABLE] [BUG] VNC mode can crash QEMU",
"refsource": "MLIST",
"url": "http://marc.info/?l=qemu-devel\u0026m=124324043812915"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=508567",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=508567"
},
{
"name": "36716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36716"
},
{
"name": "http://rhn.redhat.com/errata/RHEA-2009-1272.html",
"refsource": "CONFIRM",
"url": "http://rhn.redhat.com/errata/RHEA-2009-1272.html"
},
{
"name": "[oss-security] 20091016 QEMU VNC use-after-free",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/10/16/5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=505641",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=505641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-3616",
"datePublished": "2009-10-23T18:00:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10717
Vulnerability from cvelistv5
Published
2020-05-04 00:00
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The QEMU Project | QEMU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/04/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "The QEMU Project",
"versions": [
{
"status": "affected",
"version": "\u003e= QEMU v5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version \u003e= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202011-09"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2020/05/04/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10717",
"datePublished": "2020-05-04T00:00:00",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:14.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1714
Vulnerability from cvelistv5
Published
2016-04-07 19:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/12/10"
},
{
"name": "RHSA-2016:0083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0083.html"
},
{
"name": "RHSA-2016:0085",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0085.html"
},
{
"name": "RHSA-2016:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0086.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/12/11"
},
{
"name": "[oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/11/7"
},
{
"name": "1034858",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034858"
},
{
"name": "[Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html"
},
{
"name": "RHSA-2016:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0081.html"
},
{
"name": "80250",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80250"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "RHSA-2016:0082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0082.html"
},
{
"name": "RHSA-2016:0087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0087.html"
},
{
"name": "RHSA-2016:0084",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0084.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "RHSA-2016:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0088.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160112 Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/12/10"
},
{
"name": "RHSA-2016:0083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0083.html"
},
{
"name": "RHSA-2016:0085",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0085.html"
},
{
"name": "RHSA-2016:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0086.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20160112 Re: Re: CVE request Qemu: nvram: OOB r/w access in processing firmware configurations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/12/11"
},
{
"name": "[oss-security] 20160111 CVE request Qemu: nvram: OOB r/w access in processing firmware configurations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/11/7"
},
{
"name": "1034858",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034858"
},
{
"name": "[Qemu-devel] 20160106 [PATCH v2 for v2.3.0] fw_cfg: add check to validate current entry value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html"
},
{
"name": "RHSA-2016:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0081.html"
},
{
"name": "80250",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80250"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "RHSA-2016:0082",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0082.html"
},
{
"name": "RHSA-2016:0087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0087.html"
},
{
"name": "RHSA-2016:0084",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0084.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "RHSA-2016:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0088.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1714",
"datePublished": "2016-04-07T19:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3748
Vulnerability from cvelistv5
Published
2022-03-23 19:46
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1998514 | x_refsource_MISC | |
| https://ubuntu.com/security/CVE-2021-3748 | x_refsource_MISC | |
| https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 | x_refsource_MISC | |
| https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220425-0004/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| n/a | QEMU (virtio-net) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0004/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU (virtio-net)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects qemu v0.10.0 and above, Fixed In \u2013 v6.2.0-rc0 and above."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor\u0027s address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 - Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/CVE-2021-3748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0004/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU (virtio-net)",
"version": {
"version_data": [
{
"version_value": "Affects qemu v0.10.0 and above, Fixed In \u2013 v6.2.0-rc0 and above."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor\u0027s address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 - Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1998514",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998514"
},
{
"name": "https://ubuntu.com/security/CVE-2021-3748",
"refsource": "MISC",
"url": "https://ubuntu.com/security/CVE-2021-3748"
},
{
"name": "https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6"
},
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220425-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220425-0004/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3748",
"datePublished": "2022-03-23T19:46:40",
"dateReserved": "2021-08-30T00:00:00",
"dateUpdated": "2024-08-03T17:09:08.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3214
Vulnerability from cvelistv5
Published
2015-08-31 10:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/product_security/qemu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/qemu"
},
{
"name": "37990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37990/"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "RHSA-2015:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"name": "RHSA-2015:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "1032598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032598"
},
{
"name": "75273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75273"
},
{
"name": "[oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
},
{
"name": "[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T13:58:33",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/product_security/qemu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/qemu"
},
{
"name": "37990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37990/"
},
{
"name": "GLSA-201510-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"name": "DSA-3348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "RHSA-2015:1508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"name": "RHSA-2015:1512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "1032598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032598"
},
{
"name": "75273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75273"
},
{
"name": "[oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
},
{
"name": "[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3214",
"datePublished": "2015-08-31T10:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3301
Vulnerability from cvelistv5
Published
2023-09-13 16:09
Modified
2024-09-25 17:39
Severity ?
EPSS score ?
Summary
Triggerable assertion due to race condition in hot-unplug
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3301 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215784 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231020-0008/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3301"
},
{
"name": "RHBZ#2215784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:39:47.385450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:39:58.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.1.0-rc0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Eugenio Perez Martin (Red Hat)."
}
],
"datePublic": "2023-06-19T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:09:36.861Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3301"
},
{
"name": "RHBZ#2215784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Triggerable assertion due to race condition in hot-unplug",
"x_redhatCweChain": "CWE-362-\u003eCWE-617: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3301",
"datePublished": "2023-09-13T16:09:36.861Z",
"dateReserved": "2023-06-17T16:48:21.977Z",
"dateUpdated": "2024-09-25T17:39:58.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3735
Vulnerability from cvelistv5
Published
2022-08-26 15:25
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1997184 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-3735 | x_refsource_MISC | |
| https://security-tracker.debian.org/tracker/CVE-2021-3735 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3735"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not Known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 - Improper Locking -\u003e CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-26T15:25:40",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3735"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-3735"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3735",
"datePublished": "2022-08-26T15:25:40",
"dateReserved": "2021-08-25T00:00:00",
"dateUpdated": "2024-08-03T17:01:08.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0330
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-0330 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2160151 | issue-tracking, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html | mailing-list | |
| https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T18:43:40.453199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:29.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0330"
},
{
"name": "RHBZ#2160151",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
},
{
"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "affected",
"packageName": "qemu",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8.1.0-rc0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Zheyu Ma for reporting this issue."
}
],
"datePublic": "2023-01-16T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:34:09.530Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0330"
},
{
"name": "RHBZ#2160151",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160151"
},
{
"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-01T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-01-16T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow",
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-0330",
"datePublished": "2023-03-06T00:00:00",
"dateReserved": "2023-01-16T00:00:00",
"dateUpdated": "2024-08-02T05:10:55.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5667
Vulnerability from cvelistv5
Published
2017-03-16 15:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/01/30/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95885 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/02/12/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1417559 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/31/10 | mailing-list, x_refsource_MLIST | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170130 CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/2"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95885"
},
{
"name": "[oss-security] 20170212 Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/12/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559"
},
{
"name": "[oss-security] 20170131 Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170130 CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/30/2"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95885"
},
{
"name": "[oss-security] 20170212 Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/12/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417559"
},
{
"name": "[oss-security] 20170131 Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-5667",
"datePublished": "2017-03-16T15:00:00",
"dateReserved": "2017-01-31T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4538
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811 | x_refsource_CONFIRM | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:15.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead7a57df37d2187813a121308213f41591bd811"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4538",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:15.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9374
Vulnerability from cvelistv5
Published
2017-06-16 22:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3920 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2017/06/06/3 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1459132 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/98905 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "[oss-security] 20170606 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/06/3"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459132"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "[oss-security] 20170606 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/06/3"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459132"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "[oss-security] 20170606 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/06/3"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1459132",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459132"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9374",
"datePublished": "2017-06-16T22:00:00",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8934
Vulnerability from cvelistv5
Published
2019-03-17 19:11
Modified
2024-08-04 21:31
Severity ?
EPSS score ?
Summary
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/02/21/1 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107115 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20190411-0006/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/21/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "openSUSE-SU-2019:1274",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
},
{
"name": "openSUSE-SU-2019:1405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T11:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/02/21/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/107115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "openSUSE-SU-2019:1274",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
},
{
"name": "openSUSE-SU-2019:1405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2019/02/21/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/02/21/1"
},
{
"name": "http://www.securityfocus.com/bid/107115",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/107115"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "openSUSE-SU-2019:1274",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
},
{
"name": "openSUSE-SU-2019:1405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8934",
"datePublished": "2019-03-17T19:11:30",
"dateReserved": "2019-02-19T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1050
Vulnerability from cvelistv5
Published
2022-03-29 00:00
Modified
2024-08-02 23:47
Severity ?
EPSS score ?
Summary
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069625"
},
{
"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 2.20.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-14T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069625"
},
{
"name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1050",
"datePublished": "2022-03-29T00:00:00",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13672
Vulnerability from cvelistv5
Published
2017-09-01 13:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2162 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:0816 | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2017/dsa-3991 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:1113 | vendor-advisory, x_refsource_REDHAT | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1486560 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100540 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/08/30/3 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
},
{
"name": "100540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100540"
},
{
"name": "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/30/3"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-29T00:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
},
{
"name": "100540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100540"
},
{
"name": "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/30/3"
},
{
"name": "openSUSE-SU-2019:1074",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html"
},
{
"name": "RHSA-2018:0816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "DSA-3991",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
},
{
"name": "100540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100540"
},
{
"name": "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/30/3"
},
{
"name": "openSUSE-SU-2019:1074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13672",
"datePublished": "2017-09-01T13:00:00",
"dateReserved": "2017-08-24T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9375
Vulnerability from cvelistv5
Published
2017-06-16 22:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98915 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1458744 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2017/dsa-3991 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2017/06/05/2 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c"
},
{
"name": "98915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458744"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/05/2"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T10:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c"
},
{
"name": "98915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458744"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/05/2"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c"
},
{
"name": "98915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98915"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1458744",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458744"
},
{
"name": "DSA-3991",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "[oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/05/2"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9375",
"datePublished": "2017-06-16T22:00:00",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3812
Vulnerability from cvelistv5
Published
2019-02-19 14:00
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107059 | vdb-entry, x_refsource_BID | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2019/dsa-4454 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/May/76 | mailing-list, x_refsource_BUGTRAQ |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The QEMU Project | qemu |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812"
},
{
"name": "107059",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107059"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1274",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
},
{
"name": "openSUSE-SU-2019:1405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "The QEMU Project",
"versions": [
{
"status": "affected",
"version": "through version 2.10 and through to 3.1.0"
}
]
}
],
"datePublic": "2019-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T13:06:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812"
},
{
"name": "107059",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107059"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "openSUSE-SU-2019:1274",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
},
{
"name": "openSUSE-SU-2019:1405",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3812",
"datePublished": "2019-02-19T14:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3346
Vulnerability from cvelistv5
Published
2014-04-01 01:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log | x_refsource_CONFIRM | |
| http://www.redhat.com/support/errata/RHSA-2011-1401.html | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/bonzini/qemu/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2011/10/20/2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=736038 | x_refsource_CONFIRM | |
| https://github.com/bonzini/qemu/commit/7285477ab11831b1cf56e45878a89170dd06d9b9 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "RHSA-2011:1401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1401.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bonzini/qemu/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a"
},
{
"name": "[oss-security] 20111020 qemu: CVE-2011-3346",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/20/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=736038"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bonzini/qemu/commit/7285477ab11831b1cf56e45878a89170dd06d9b9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log"
},
{
"name": "RHSA-2011:1401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1401.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bonzini/qemu/commit/103b40f51e4012b3b0ad20f615562a1806d7f49a"
},
{
"name": "[oss-security] 20111020 qemu: CVE-2011-3346",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/20/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=736038"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bonzini/qemu/commit/7285477ab11831b1cf56e45878a89170dd06d9b9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3346",
"datePublished": "2014-04-01T01:00:00",
"dateReserved": "2011-08-30T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35504
Vulnerability from cvelistv5
Published
2021-05-28 10:20
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/04/16/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1909766 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/04/16/3 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210713-0006/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:28",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909766"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-35504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 6.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20210416 QEMU: ESP security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1909766",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909766"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/04/16/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/04/16/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210713-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210713-0006/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35504",
"datePublished": "2021-05-28T10:20:40",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-04T17:02:08.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1779
Vulnerability from cvelistv5
Published
2016-01-12 19:00
Modified
2024-08-06 04:54
Severity ?
EPSS score ?
Summary
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:15.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2015:0870",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html"
},
{
"name": "FEDORA-2015-5541",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html"
},
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/09/6"
},
{
"name": "SUSE-SU-2015:0896",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "FEDORA-2015-5482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html"
},
{
"name": "RHSA-2015:1931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1931.html"
},
{
"name": "[oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/9"
},
{
"name": "1033975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1943.html"
},
{
"name": "USN-2608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html"
},
{
"name": "73303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73303"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2015:0870",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html"
},
{
"name": "FEDORA-2015-5541",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html"
},
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/09/6"
},
{
"name": "SUSE-SU-2015:0896",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "FEDORA-2015-5482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html"
},
{
"name": "RHSA-2015:1931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1931.html"
},
{
"name": "[oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/9"
},
{
"name": "1033975",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1943.html"
},
{
"name": "USN-2608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html"
},
{
"name": "73303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73303"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1779",
"datePublished": "2016-01-12T19:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:15.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27616
Vulnerability from cvelistv5
Published
2020-11-06 07:48
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/11/03/2 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201202-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-02T11:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/11/03/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/11/03/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201202-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27616",
"datePublished": "2020-11-06T07:48:01",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9922
Vulnerability from cvelistv5
Published
2017-03-27 15:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/94803 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1334398 | x_refsource_CONFIRM | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2016/12/09/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:30.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20161205 [PULL 4/4] display: cirrus: check vga bits per pixel(bpp) value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "94803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94803"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20161205 [PULL 4/4] display: cirrus: check vga bits per pixel(bpp) value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "94803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94803"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334398"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9922",
"datePublished": "2017-03-27T15:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:30.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5898
Vulnerability from cvelistv5
Published
2017-03-15 19:00
Modified
2024-08-05 15:11
Severity ?
EPSS score ?
Summary
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2017/02/07/3 | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/96112 | vdb-entry, x_refsource_BID | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1419699 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2017:1856 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2017:0582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2017:0582",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2017:0582",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html"
},
{
"name": "[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/07/3"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "SUSE-SU-2017:0570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html"
},
{
"name": "96112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96112"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1419699"
},
{
"name": "RHSA-2017:1856",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5898",
"datePublished": "2017-03-15T19:00:00",
"dateReserved": "2017-02-07T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5552
Vulnerability from cvelistv5
Published
2017-03-15 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201702-28 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95773 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/01/21/5 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=33243031dad02d161225ba99d782616da133f689 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/20/17 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95773"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=33243031dad02d161225ba99d782616da133f689"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95773"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=33243031dad02d161225ba99d782616da133f689"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95773"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/5"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5552",
"datePublished": "2017-03-15T15:00:00",
"dateReserved": "2017-01-20T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5008
Vulnerability from cvelistv5
Published
2019-04-19 18:07
Modified
2024-08-04 19:40
Severity ?
EPSS score ?
Summary
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD | x_refsource_MISC | |
| https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108024 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/3978-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/"
},
{
"name": "108024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108024"
},
{
"name": "USN-3978-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3978-1/"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "openSUSE-SU-2019:2041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-01T17:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/"
},
{
"name": "108024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108024"
},
{
"name": "USN-3978-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3978-1/"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "openSUSE-SU-2019:2041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=history;f=hw/sparc64/sun4u.c;hb=HEAD"
},
{
"name": "https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/",
"refsource": "MISC",
"url": "https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/"
},
{
"name": "108024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108024"
},
{
"name": "USN-3978-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3978-1/"
},
{
"name": "FEDORA-2019-52a8f5468e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "openSUSE-SU-2019:2041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5008",
"datePublished": "2019-04-19T18:07:38",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:40:48.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4537
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a9c380db3b8c6af19546a68145c8d1438a09c92b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4537",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12617
Vulnerability from cvelistv5
Published
2018-06-21 18:00
Modified
2024-08-05 08:38
Severity ?
EPSS score ?
Summary
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html | mailing-list, x_refsource_MLIST | |
| https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6 | x_refsource_MISC | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/104531 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/44925/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.debian.org/security/2019/dsa-4454 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/May/76 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html"
},
{
"name": "104531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104531"
},
{
"name": "44925",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44925/"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T13:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html"
},
{
"name": "104531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104531"
},
{
"name": "44925",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44925/"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html"
},
{
"name": "104531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104531"
},
{
"name": "44925",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44925/"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12617",
"datePublished": "2018-06-21T18:00:00",
"dateReserved": "2018-06-21T00:00:00",
"dateUpdated": "2024-08-05T08:38:06.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20263
Vulnerability from cvelistv5
Published
2021-03-09 17:17
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1933668 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/03/08/1 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210507-0002/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/08/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu 5.2.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new \u0027xattrmap\u0027 option may cause the \u0027security.capability\u0027 xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:13:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/08/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu 5.2.50"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new \u0027xattrmap\u0027 option may cause the \u0027security.capability\u0027 xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-281"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1933668",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933668"
},
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/08/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/08/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210507-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20263",
"datePublished": "2021-03-09T17:17:43",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7377
Vulnerability from cvelistv5
Published
2017-04-10 15:00
Modified
2024-08-05 15:56
Severity ?
EPSS score ?
Summary
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/04/03/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437871 | x_refsource_CONFIRM | |
| http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/97319 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:56:36.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170403 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/03/2"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e"
},
{
"name": "[qemu-devel] 20170328 [PULL 1/2] 9pfs: fix file descriptor leak",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html"
},
{
"name": "97319",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170403 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/04/03/2"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e"
},
{
"name": "[qemu-devel] 20170328 [PULL 1/2] 9pfs: fix file descriptor leak",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html"
},
{
"name": "97319",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20170403 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/03/2"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1437871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437871"
},
{
"name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e",
"refsource": "CONFIRM",
"url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e"
},
{
"name": "[qemu-devel] 20170328 [PULL 1/2] 9pfs: fix file descriptor leak",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html"
},
{
"name": "97319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7377",
"datePublished": "2017-04-10T15:00:00",
"dateReserved": "2017-03-31T00:00:00",
"dateUpdated": "2024-08-05T15:56:36.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3416
Vulnerability from cvelistv5
Published
2021-03-18 19:53
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1932827 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/02/26/1 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210507-0002/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions up to and including 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932827"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/26/1"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0002/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3416",
"datePublished": "2021-03-18T19:53:29",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3930
Vulnerability from cvelistv5
Published
2022-02-18 17:50
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2020588 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220225-0007/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0007/"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 6.2.0-rc0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the \u0027page\u0027 argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:43",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0007/"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 6.2.0-rc0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the \u0027page\u0027 argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2020588",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020588"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0007/"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3930",
"datePublished": "2022-02-18T17:50:48",
"dateReserved": "2021-11-05T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7539
Vulnerability from cvelistv5
Published
2018-07-26 14:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19"
},
{
"name": "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/4"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539"
},
{
"name": "99944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.10.1"
}
]
}
],
"datePublic": "2017-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server\u0027s initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19"
},
{
"name": "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/4"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539"
},
{
"name": "99944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99944"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7539",
"datePublished": "2018-07-26T14:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-28916
Vulnerability from cvelistv5
Published
2020-12-04 06:22
Modified
2024-08-04 16:41
Severity ?
EPSS score ?
Summary
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/12/01/2 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:41:00.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/01/2"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/01/2"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/12/01/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/12/01/2"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28916",
"datePublished": "2020-12-04T06:22:37",
"dateReserved": "2020-11-18T00:00:00",
"dateUpdated": "2024-08-04T16:41:00.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3409
Vulnerability from cvelistv5
Published
2021-03-23 20:20
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1928146 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/03/09/1 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210507-0001/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928146"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0001/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to (including) 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:08:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928146"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0001/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3409",
"datePublished": "2021-03-23T20:20:58",
"dateReserved": "2021-02-12T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4539
Vulnerability from cvelistv5
Published
2008-12-29 15:00
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX \"bitblt\" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "[secure-testing-commits] 20081103 r10251 - data/CVE",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg09322.html"
},
{
"name": "[cvs-all] 20081102 cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files patch-CVE-2008-4539 ports/emulators/qemu-devel Makefile ports/emulators/qemu-devel/files patch-CVE-2008-4539",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/cvs-all@freebsd.org/msg129730.html"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=466890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466890"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=448525",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=448525"
},
{
"name": "qemu-kvm-cirrusvga-bo(47736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47736"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=237342",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5587"
},
{
"name": "DSA-1799",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name": "[debian-devel-changes] 20081101 Accepted qemu 0.9.1+svn20081101-1 (source amd64)",
"refsource": "MLIST",
"url": "http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source"
},
{
"name": "http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069",
"refsource": "CONFIRM",
"url": "http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069"
},
{
"name": "35031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35031"
},
{
"name": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4539",
"datePublished": "2008-12-29T15:00:00",
"dateReserved": "2008-10-13T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20124
Vulnerability from cvelistv5
Published
2018-12-20 22:00
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2018/12/18/2 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/106290 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20181213 [PATCH v2 1/6] rdma: check num_sge does not exceed MAX_SGE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html"
},
{
"name": "[oss-security] 20181218 CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/18/2"
},
{
"name": "106290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106290"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-27T13:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[qemu-devel] 20181213 [PATCH v2 1/6] rdma: check num_sge does not exceed MAX_SGE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html"
},
{
"name": "[oss-security] 20181218 CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/18/2"
},
{
"name": "106290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106290"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20181213 [PATCH v2 1/6] rdma: check num_sge does not exceed MAX_SGE",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html"
},
{
"name": "[oss-security] 20181218 CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/18/2"
},
{
"name": "106290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106290"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20124",
"datePublished": "2018-12-20T22:00:00",
"dateReserved": "2018-12-13T00:00:00",
"dateUpdated": "2024-08-05T11:51:19.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-17958
Vulnerability from cvelistv5
Published
2018-10-09 22:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/10/08/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/105556 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.debian.org/security/2019/dsa-4454 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/May/76 | mailing-list, x_refsource_BUGTRAQ | |
| https://access.redhat.com/errata/RHSA-2019:2425 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2553 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "[qemu-devel] 20180926 [PULL 22/25] rtl8139: fix possible out of bound access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html"
},
{
"name": "105556",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105556"
},
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T11:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "[qemu-devel] 20180926 [PULL 22/25] rtl8139: fix possible out of bound access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html"
},
{
"name": "105556",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105556"
},
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "[qemu-devel] 20180926 [PULL 22/25] rtl8139: fix possible out of bound access",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html"
},
{
"name": "105556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105556"
},
{
"name": "[debian-lts-announce] 20190129 [SECURITY] [DLA 1646-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00023.html"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17958",
"datePublished": "2018-10-09T22:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4532
Vulnerability from cvelistv5
Published
2020-01-02 15:26
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2013-4532 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532 | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2013-4532 | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-2342-1 | x_refsource_MISC | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589 | x_refsource_MISC | |
| https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2342-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "qemu",
"versions": [
{
"status": "affected",
"version": "1.1.2+dfsg to 2.1+dfsg"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-06T15:19:12",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2342-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4532",
"datePublished": "2020-01-02T15:26:40",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3615
Vulnerability from cvelistv5
Published
2014-11-01 23:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69654",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139115"
},
{
"name": "RHSA-2014:1941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1941.html"
},
{
"name": "RHSA-2014:1669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1669.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5"
},
{
"name": "openSUSE-SU-2015:0732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"
},
{
"name": "RHSA-2014:1670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1670.html"
},
{
"name": "61829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61829"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "69654",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139115"
},
{
"name": "RHSA-2014:1941",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1941.html"
},
{
"name": "RHSA-2014:1669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1669.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5"
},
{
"name": "openSUSE-SU-2015:0732",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"
},
{
"name": "RHSA-2014:1670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1670.html"
},
{
"name": "61829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61829"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69654"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1139115",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139115"
},
{
"name": "RHSA-2014:1941",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1941.html"
},
{
"name": "RHSA-2014:1669",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1669.html"
},
{
"name": "DSA-3044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c1b886c45dc70f247300f549dce9833f3fa2def5",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c1b886c45dc70f247300f549dce9833f3fa2def5"
},
{
"name": "openSUSE-SU-2015:0732",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html"
},
{
"name": "RHSA-2014:1670",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1670.html"
},
{
"name": "61829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61829"
},
{
"name": "http://support.citrix.com/article/CTX200892",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "USN-2409-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3615",
"datePublished": "2014-11-01T23:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2197
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/82235 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/01/29/2 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/01/30/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1302057 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "82235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82235"
},
{
"name": "[qemu-devel] 20160129 CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/29/2"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[qemu-devel] 20160130 Re: CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/30/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302057"
},
{
"name": "[qemu-devel] 20160128 [PATCH v2] ide: ahci: add check before calling dma_memory_unmap",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "82235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82235"
},
{
"name": "[qemu-devel] 20160129 CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/29/2"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[qemu-devel] 20160130 Re: CVE request Qemu: ide: ahci null pointer dereference when using FIS CLB engines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/30/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302057"
},
{
"name": "[qemu-devel] 20160128 [PATCH v2] ide: ahci: add check before calling dma_memory_unmap",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05742.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2197",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2857
Vulnerability from cvelistv5
Published
2016-04-08 16:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "RHSA-2017:0083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"name": "[oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"name": "84130",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2017:0309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2017:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"name": "RHSA-2017:0083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0083.html"
},
{
"name": "[oss-security] 20160303 CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/03/9"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: net: out of bounds read in net_checksum_calculate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/3"
},
{
"name": "84130",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84130"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2017:0309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2017:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2857",
"datePublished": "2016-04-08T16:00:00",
"dateReserved": "2016-03-06T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5337
Vulnerability from cvelistv5
Published
2016-06-14 14:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=844864fbae66935951529408831c2f22367a57b6 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91097 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/06/08/13 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/06/08/3 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=844864fbae66935951529408831c2f22367a57b6"
},
{
"name": "91097",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91097"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/13"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160607 [PULL 06/13] scsi: megasas: null terminate bios version buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html"
},
{
"name": "[oss-security] 20160608 CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=844864fbae66935951529408831c2f22367a57b6"
},
{
"name": "91097",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91097"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160608 Re: CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/13"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160607 [PULL 06/13] scsi: megasas: null terminate bios version buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html"
},
{
"name": "[oss-security] 20160608 CVE Request Qemu: scsi: megasas: information leakage in megasas_ctrl_get_info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5337",
"datePublished": "2016-06-14T14:00:00",
"dateReserved": "2016-06-08T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9104
Vulnerability from cvelistv5
Published
2016-12-09 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93956 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2016/10/30/8 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/28/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93956",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93956"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/8"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: integer overflow leading to OOB access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20161013 Re: [PATCH v3 3/3] 9pfs: fix integer overflow issue in xattr read/write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93956",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93956"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/8"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: integer overflow leading to OOB access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20161013 Re: [PATCH v3 3/3] 9pfs: fix integer overflow issue in xattr read/write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9104",
"datePublished": "2016-12-09T22:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1366
Vulnerability from cvelistv5
Published
2007-05-02 17:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/23731 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2007/dsa-1284 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/25073 | third-party-advisory, x_refsource_SECUNIA | |
| http://taviso.decsystem.org/virtsec.pdf | x_refsource_MISC | |
| http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 | vendor-advisory, x_refsource_MANDRIVA | |
| http://osvdb.org/35498 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2007/1597 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/29129 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/25095 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34046 | vdb-entry, x_refsource_XF | |
| http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "[Qemu-devel] 20070428 Qemu crashes on AAM 0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35498"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "qemu-aam-dos(34046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34046"
},
{
"name": "[Qemu-devel] 20070429 Re: Qemu crashes on AAM 0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by \"aam 0x0,\" which triggers a divide-by-zero error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "[Qemu-devel] 20070428 Qemu crashes on AAM 0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35498",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35498"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "qemu-aam-dos(34046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34046"
},
{
"name": "[Qemu-devel] 20070429 Re: Qemu crashes on AAM 0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by \"aam 0x0,\" which triggers a divide-by-zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "DSA-1284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "[Qemu-devel] 20070428 Qemu crashes on AAM 0",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "35498",
"refsource": "OSVDB",
"url": "http://osvdb.org/35498"
},
{
"name": "ADV-2007-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "25095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25095"
},
{
"name": "qemu-aam-dos(34046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34046"
},
{
"name": "[Qemu-devel] 20070429 Re: Qemu crashes on AAM 0",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00651.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1366",
"datePublished": "2007-05-02T17:00:00",
"dateReserved": "2007-03-09T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-13711
Vulnerability from cvelistv5
Published
2017-09-01 13:00
Modified
2024-08-05 19:05
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100534 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:0816 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2017/08/29/6 | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2017/dsa-3991 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:1113 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1486400 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100534"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "[oss-security] 20170829 CVE-2017-13711 Qemu: Slirp: use-after-free when sending response",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/29/6"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
},
{
"name": "[qemu-devel] 20170826 [PATCH] slirp: fix clearing ifq_so from pending packets",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100534"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "[oss-security] 20170829 CVE-2017-13711 Qemu: Slirp: use-after-free when sending response",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/29/6"
},
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
},
{
"name": "[qemu-devel] 20170826 [PATCH] slirp: fix clearing ifq_so from pending packets",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100534"
},
{
"name": "RHSA-2018:0816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "[oss-security] 20170829 CVE-2017-13711 Qemu: Slirp: use-after-free when sending response",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/29/6"
},
{
"name": "DSA-3991",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486400"
},
{
"name": "[qemu-devel] 20170826 [PATCH] slirp: fix clearing ifq_so from pending packets",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13711",
"datePublished": "2017-09-01T13:00:00",
"dateReserved": "2017-08-28T00:00:00",
"dateUpdated": "2024-08-05T19:05:19.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3947
Vulnerability from cvelistv5
Published
2022-02-18 17:50
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2021869 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220318-0003/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220318-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 6.2.0-rc2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:09:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220318-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 6.2.0-rc2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021869"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220318-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220318-0003/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3947",
"datePublished": "2022-02-18T17:50:50",
"dateReserved": "2021-11-11T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8613
Vulnerability from cvelistv5
Published
2017-04-11 19:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/22/1 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/79719 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1284008 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151221 Re: CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/22/1"
},
{
"name": "79719",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79719"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284008"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "[qemu-devel] 20151221 [Qemu-devel] [PATCH] scsi: initialise info object with appropriate size",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151221 Re: CVE request: Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/22/1"
},
{
"name": "79719",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79719"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1284008"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "[qemu-devel] 20151221 [Qemu-devel] [PATCH] scsi: initialise info object with appropriate size",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8613",
"datePublished": "2017-04-11T19:00:00",
"dateReserved": "2015-12-21T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12067
Vulnerability from cvelistv5
Published
2021-06-02 14:18
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=1145642 | x_refsource_MISC | |
| https://security-tracker.debian.org/tracker/CVE-2019-12067 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210727-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T15:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1145642",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2019-12067",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12067",
"datePublished": "2021-06-02T14:18:09",
"dateReserved": "2019-05-13T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2680
Vulnerability from cvelistv5
Published
2023-09-13 16:50
Modified
2024-08-02 06:33
Severity ?
EPSS score ?
Summary
Dma reentrancy issue (incomplete fix for cve-2021-3750)
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2680 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231116-0001/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2680"
},
{
"name": "RHBZ#2203387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-12T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:50:53.532Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2680"
},
{
"name": "RHBZ#2203387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Dma reentrancy issue (incomplete fix for cve-2021-3750)",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2680",
"datePublished": "2023-09-13T16:50:53.532Z",
"dateReserved": "2023-05-12T09:57:43.190Z",
"dateUpdated": "2024-08-02T06:33:05.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12155
Vulnerability from cvelistv5
Published
2019-05-24 15:33
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "openSUSE-SU-2019:2041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
},
{
"name": "openSUSE-SU-2019:2059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
},
{
"name": "RHSA-2019:2607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2607"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "RHSA-2019:3179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3179"
},
{
"name": "RHSA-2019:3345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
},
{
"name": "RHSA-2019:3742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3742"
},
{
"name": "RHSA-2019:3787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3787"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "RHBA-2019:3723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:3723"
},
{
"name": "RHSA-2019:4344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-30T19:32:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "FEDORA-2019-52a8f5468e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "openSUSE-SU-2019:2041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
},
{
"name": "openSUSE-SU-2019:2059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
},
{
"name": "RHSA-2019:2607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2607"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "RHSA-2019:3179",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3179"
},
{
"name": "RHSA-2019:3345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
},
{
"name": "RHSA-2019:3742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3742"
},
{
"name": "RHSA-2019:3787",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3787"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "RHBA-2019:3723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:3723"
},
{
"name": "RHSA-2019:4344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/05/22/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "FEDORA-2019-52a8f5468e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/"
},
{
"name": "FEDORA-2019-e9de40d53f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/"
},
{
"name": "openSUSE-SU-2019:2041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
},
{
"name": "openSUSE-SU-2019:2059",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
},
{
"name": "RHSA-2019:2607",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2607"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "RHSA-2019:2892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
},
{
"name": "RHSA-2019:3179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3179"
},
{
"name": "RHSA-2019:3345",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3345"
},
{
"name": "RHSA-2019:3742",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3742"
},
{
"name": "RHSA-2019:3787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3787"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "RHBA-2019:3723",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:3723"
},
{
"name": "RHSA-2019:4344",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4344"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=3be7eb2f47bf71db5f80fcf8750ea395dd5ffdd2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12155",
"datePublished": "2019-05-24T15:33:11",
"dateReserved": "2019-05-17T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4020
Vulnerability from cvelistv5
Published
2016-05-25 15:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
References
| ▼ | URL | Tags |
|---|---|---|
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1313686 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/86067 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2392 | vendor-advisory, x_refsource_REDHAT | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2017:2408 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:1856 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686"
},
{
"name": "[qemu-devel] 20160407 [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html"
},
{
"name": "86067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86067"
},
{
"name": "[qemu-devel] 20160407 Re: [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1313686"
},
{
"name": "[qemu-devel] 20160407 [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html"
},
{
"name": "86067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86067"
},
{
"name": "[qemu-devel] 20160407 Re: [Qemu-devel] [PATCH] i386: kvmvapic: initialise imm32 variable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html"
},
{
"name": "RHSA-2017:2392",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "RHSA-2017:1856",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1856"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4020",
"datePublished": "2016-05-25T15:00:00",
"dateReserved": "2016-04-14T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18043
Vulnerability from cvelistv5
Published
2018-01-31 20:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2018/01/19/1 | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/102759 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:50.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/01/19/1"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854"
},
{
"name": "102759",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/01/19/1"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854"
},
{
"name": "102759",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/01/19/1"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854"
},
{
"name": "102759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18043",
"datePublished": "2018-01-31T20:00:00",
"dateReserved": "2018-01-19T00:00:00",
"dateUpdated": "2024-08-05T21:06:50.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16867
Vulnerability from cvelistv5
Published
2018-12-12 13:00
Modified
2024-08-05 10:32
Severity ?
EPSS score ?
Summary
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106195 | vdb-entry, x_refsource_BID | |
| https://www.openwall.com/lists/oss-security/2018/12/06/1 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867"
},
{
"name": "106195",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106195"
},
{
"name": "[oss-security] 20181206 CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/06/1"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU:",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "3.1.0"
}
]
}
],
"datePublic": "2018-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-27T13:06:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867"
},
{
"name": "106195",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106195"
},
{
"name": "[oss-security] 20181206 CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/12/06/1"
},
{
"name": "FEDORA-2019-88a98ce795",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU:",
"version": {
"version_data": [
{
"version_value": "3.1.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16867"
},
{
"name": "106195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106195"
},
{
"name": "[oss-security] 20181206 CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP)",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/12/06/1"
},
{
"name": "FEDORA-2019-88a98ce795",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16867",
"datePublished": "2018-12-12T13:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8817
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 08:29
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2671.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1300771 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-2706.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2016/03/01/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/03/01/10 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2016-2705.html | vendor-advisory, x_refsource_REDHAT | |
| https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2016-2670.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2016-2704.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:29:22.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
},
{
"name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "[qemu-stable] 20160127 [PATCH for v2.3.1] exec: Respect as_translate_internal length clamp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built to use \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions \u003e= 1.6.0 and \u003c= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
},
{
"name": "RHSA-2016:2706",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
},
{
"name": "[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
},
{
"name": "[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
},
{
"name": "RHSA-2016:2705",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
},
{
"name": "[qemu-stable] 20160127 [PATCH for v2.3.1] exec: Respect as_translate_internal length clamp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
},
{
"name": "RHSA-2016:2670",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
},
{
"name": "RHSA-2016:2704",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8817",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-03-01T00:00:00",
"dateUpdated": "2024-08-06T08:29:22.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7550
Vulnerability from cvelistv5
Published
2018-03-01 00:00
Modified
2024-08-05 06:31
Severity ?
EPSS score ?
Summary
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:1369",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1369"
},
{
"name": "[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
},
{
"name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
},
{
"name": "USN-3649-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
},
{
"name": "103181",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103181"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
},
{
"name": "RHSA-2018:2462",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-30T21:56:51.639818",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:1369",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1369"
},
{
"name": "[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field",
"tags": [
"mailing-list"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html"
},
{
"name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html"
},
{
"name": "USN-3649-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/3649-1/"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html"
},
{
"name": "103181",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/103181"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549798"
},
{
"name": "RHSA-2018:2462",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7550",
"datePublished": "2018-03-01T00:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-05T06:31:04.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20295
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1944075 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2020-10756 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220519-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2020-10756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220519-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 4.2.0-34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T19:06:23",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2020-10756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220519-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 4.2.0-34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2020-10756",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2020-10756"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220519-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220519-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20295",
"datePublished": "2022-04-01T22:17:46",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7493
Vulnerability from cvelistv5
Published
2017-05-17 15:00
Modified
2024-08-05 16:04
Severity ?
EPSS score ?
Summary
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/98574 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1451709 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2017/q2/278 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98574"
},
{
"name": "[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709"
},
{
"name": "[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q2/278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.7.4"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98574"
},
{
"name": "[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709"
},
{
"name": "[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q2/278"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7493",
"datePublished": "2017-05-17T15:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8619
Vulnerability from cvelistv5
Published
2017-04-13 17:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/23/1 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/79668 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151223 CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/1"
},
{
"name": "79668",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79668"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[qemu-devel] 20151217 [Qemu-devel] [PATCH] hmp: avoid redundant null termination of buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20151223 CVE request Qemu: hmp: stack based OOB write in hmp_sendkey routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/1"
},
{
"name": "79668",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79668"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[qemu-devel] 20151217 [Qemu-devel] [PATCH] hmp: avoid redundant null termination of buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8619",
"datePublished": "2017-04-13T17:00:00",
"dateReserved": "2015-12-22T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6075
Vulnerability from cvelistv5
Published
2013-02-13 01:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb"
},
{
"name": "FEDORA-2013-0965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html"
},
{
"name": "55082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55082"
},
{
"name": "DSA-2608",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2608"
},
{
"name": "openSUSE-SU-2013:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
},
{
"name": "GLSA-201309-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "[oss-security] 20121229 Re: CVE request: qemu e1000 emulated device gues-side buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/1"
},
{
"name": "DSA-2607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301"
},
{
"name": "RHSA-2013:0639",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html"
},
{
"name": "RHSA-2013:0608",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html"
},
{
"name": "FEDORA-2013-0934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html"
},
{
"name": "RHSA-2013:0610",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html"
},
{
"name": "RHSA-2013:0609",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html"
},
{
"name": "USN-1692-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1692-1"
},
{
"name": "openSUSE-SU-2013:0636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
},
{
"name": "SUSE-SU-2014:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "DSA-2619",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2619"
},
{
"name": "[Qemu-devel] 20121205 [PATCH] e1000: Discard oversized packets based on\tSBP|LPE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html"
},
{
"name": "RHSA-2013:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html"
},
{
"name": "57420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57420"
},
{
"name": "FEDORA-2013-0971",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-10T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb"
},
{
"name": "FEDORA-2013-0965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html"
},
{
"name": "55082",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55082"
},
{
"name": "DSA-2608",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2608"
},
{
"name": "openSUSE-SU-2013:0637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
},
{
"name": "GLSA-201309-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "[oss-security] 20121229 Re: CVE request: qemu e1000 emulated device gues-side buffer overflow",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/1"
},
{
"name": "DSA-2607",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301"
},
{
"name": "RHSA-2013:0639",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html"
},
{
"name": "RHSA-2013:0608",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html"
},
{
"name": "FEDORA-2013-0934",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html"
},
{
"name": "RHSA-2013:0610",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html"
},
{
"name": "RHSA-2013:0609",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html"
},
{
"name": "USN-1692-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1692-1"
},
{
"name": "openSUSE-SU-2013:0636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
},
{
"name": "SUSE-SU-2014:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "DSA-2619",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2619"
},
{
"name": "[Qemu-devel] 20121205 [PATCH] e1000: Discard oversized packets based on\tSBP|LPE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html"
},
{
"name": "RHSA-2013:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html"
},
{
"name": "57420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57420"
},
{
"name": "FEDORA-2013-0971",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6075",
"datePublished": "2013-02-13T01:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13361
Vulnerability from cvelistv5
Published
2020-05-28 13:42
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/05/28/1 | x_refsource_CONFIRM | |
| https://security-tracker.debian.org/tracker/CVE-2020-13361 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0003/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4728 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2020-13361"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0003/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2020-13361"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0003/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/05/28/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/1"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2020-13361",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2020-13361"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0003/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "DSA-4728",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13361",
"datePublished": "2020-05-28T13:42:06",
"dateReserved": "2020-05-21T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9602
Vulnerability from cvelistv5
Published
2018-04-26 19:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1037604 | vdb-entry, x_refsource_SECTRACK | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/17/12 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201704-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/95461 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| unspecified | Qemu |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html"
},
{
"name": "1037604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037604"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602"
},
{
"name": "[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/12"
},
{
"name": "[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "95461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95461"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "qemu 2.9"
}
]
}
],
"datePublic": "2017-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html"
},
{
"name": "1037604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037604"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602"
},
{
"name": "[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/12"
},
{
"name": "[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html"
},
{
"name": "GLSA-201704-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "95461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95461"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "qemu 2.9"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.6/CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "6.5/AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html"
},
{
"name": "1037604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037604"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602"
},
{
"name": "[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/12"
},
{
"name": "[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html"
},
{
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name": "95461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95461"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9602",
"datePublished": "2018-04-26T19:00:00",
"dateReserved": "2016-11-23T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6855
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 07:36
Severity ?
EPSS score ?
Summary
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:34.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3361"
},
{
"name": "76691",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76691"
},
{
"name": "FEDORA-2015-16369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"name": "FEDORA-2015-16370",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"name": "FEDORA-2015-d6ea74993a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html"
},
{
"name": "[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/10/2"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/10/1"
},
{
"name": "FEDORA-2015-16368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "DSA-3362",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3362"
},
{
"name": "USN-2745-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"name": "FEDORA-2015-8dc71ade88",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html"
},
{
"name": "[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html"
},
{
"name": "FEDORA-2015-4896530727",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:00:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3361"
},
{
"name": "76691",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76691"
},
{
"name": "FEDORA-2015-16369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"name": "FEDORA-2015-16370",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"name": "FEDORA-2015-d6ea74993a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html"
},
{
"name": "[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/10/2"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/10/1"
},
{
"name": "FEDORA-2015-16368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "DSA-3362",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3362"
},
{
"name": "USN-2745-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"name": "FEDORA-2015-8dc71ade88",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html"
},
{
"name": "[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html"
},
{
"name": "FEDORA-2015-4896530727",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-6855",
"datePublished": "2015-11-06T21:00:00",
"dateReserved": "2015-09-10T00:00:00",
"dateUpdated": "2024-08-06T07:36:34.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2004
Vulnerability from cvelistv5
Published
2008-05-12 22:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "RHSA-2008:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "29101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29101"
},
{
"name": "[Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "oval:org.mitre.oval:def:11021",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=4277"
},
{
"name": "29963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29963"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "30111",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30111"
},
{
"name": "qemu-driveinit-security-bypass(42268)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42268"
},
{
"name": "SUSE-SR:2008:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "RHSA-2008:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "29101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29101"
},
{
"name": "[Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "oval:org.mitre.oval:def:11021",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=4277"
},
{
"name": "29963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29963"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "30111",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30111"
},
{
"name": "qemu-driveinit-security-bypass(42268)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42268"
},
{
"name": "SUSE-SR:2008:013",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "RHSA-2008:0194",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
},
{
"name": "29101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29101"
},
{
"name": "[Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004)",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "oval:org.mitre.oval:def:11021",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=4277",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=4277"
},
{
"name": "29963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29963"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "30111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30111"
},
{
"name": "qemu-driveinit-security-bypass(42268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42268"
},
{
"name": "SUSE-SR:2008:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"
},
{
"name": "30717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2004",
"datePublished": "2008-05-12T22:00:00",
"dateReserved": "2008-04-28T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12809
Vulnerability from cvelistv5
Published
2017-08-23 16:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3991 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/100451 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/08/21/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "[qemu-devel] 20170809 [Qemu-devel] [PATCH 1/2] IDE: Do not flush empty CDROM drives",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html"
},
{
"name": "100451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100451"
},
{
"name": "[oss-security] 20170821 CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/21/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3991",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "[qemu-devel] 20170809 [Qemu-devel] [PATCH 1/2] IDE: Do not flush empty CDROM drives",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html"
},
{
"name": "100451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100451"
},
{
"name": "[oss-security] 20170821 CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/08/21/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3991",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3991"
},
{
"name": "[qemu-devel] 20170809 [Qemu-devel] [PATCH 1/2] IDE: Do not flush empty CDROM drives",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html"
},
{
"name": "100451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100451"
},
{
"name": "[oss-security] 20170821 CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/21/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12809",
"datePublished": "2017-08-23T16:00:00",
"dateReserved": "2017-08-11T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9103
Vulnerability from cvelistv5
Published
2016-12-09 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/30/7 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/28/1 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93955 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20161010 Re: [PATCH 1/2] 9pfs: fix information leak in xattr read",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: information leakage via xattribute",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/7"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: information leakage via xattribute",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "93955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20161010 Re: [PATCH 1/2] 9pfs: fix information leak in xattr read",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161030 Re: CVE request Qemu: 9pfs: information leakage via xattribute",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/30/7"
},
{
"name": "[oss-security] 20161028 CVE request Qemu: 9pfs: information leakage via xattribute",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb687602853b4ae656e9236ee4222609f3a6887d"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "93955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93955"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9103",
"datePublished": "2016-12-09T22:00:00",
"dateReserved": "2016-10-28T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14364
Vulnerability from cvelistv5
Published
2020-08-31 17:11
Modified
2024-08-04 12:46
Severity ?
EPSS score ?
Summary
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "FEDORA-2020-3689b67b53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "FEDORA-2020-eeb29955ed",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"
},
{
"name": "USN-4511-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4511-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200924-0006/"
},
{
"name": "GLSA-202009-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202009-14"
},
{
"name": "openSUSE-SU-2020:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QEMU versions before 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice \u0027setup_len\u0027 exceeds its \u0027data_buf[4096]\u0027 in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 leads to CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "FEDORA-2020-3689b67b53",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "FEDORA-2020-eeb29955ed",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"
},
{
"name": "USN-4511-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4511-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200924-0006/"
},
{
"name": "GLSA-202009-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202009-14"
},
{
"name": "openSUSE-SU-2020:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "QEMU versions before 5.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice \u0027setup_len\u0027 exceeds its \u0027data_buf[4096]\u0027 in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 leads to CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869201"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/08/24/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/3"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/08/24/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/08/24/2"
},
{
"name": "DSA-4760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "FEDORA-2020-3689b67b53",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTZQUQ6ZBPMFMNAUQBVJFELYNMUZLL6P/"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "FEDORA-2020-eeb29955ed",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M52WIRMZL6TZRYZ65N6OAYNNFHV62O2N/"
},
{
"name": "USN-4511-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4511-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200924-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200924-0006/"
},
{
"name": "GLSA-202009-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202009-14"
},
{
"name": "openSUSE-SU-2020:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14364",
"datePublished": "2020-08-31T17:11:52",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3872
Vulnerability from cvelistv5
Published
2022-11-07 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected: up to latest v7.1.0-rc4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-3872",
"datePublished": "2022-11-07T00:00:00",
"dateReserved": "2022-11-07T00:00:00",
"dateUpdated": "2024-08-03T01:20:58.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4527
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0927.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4527",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13164
Vulnerability from cvelistv5
Published
2019-07-03 13:56
Modified
2024-08-04 23:41
Severity ?
EPSS score ?
Summary
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html"
},
{
"name": "[oss-security] 20190703 CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/02/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/02/2"
},
{
"name": "109054",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109054"
},
{
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"name": "DSA-4506",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4506"
},
{
"name": "openSUSE-SU-2019:2041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
},
{
"name": "DSA-4512",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4512"
},
{
"name": "20190902 [SECURITY] [DSA 4512-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/3"
},
{
"name": "openSUSE-SU-2019:2059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "GLSA-202003-66",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T18:14:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html"
},
{
"name": "[oss-security] 20190703 CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/02/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/02/2"
},
{
"name": "109054",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109054"
},
{
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"name": "DSA-4506",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4506"
},
{
"name": "openSUSE-SU-2019:2041",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
},
{
"name": "DSA-4512",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4512"
},
{
"name": "20190902 [SECURITY] [DSA 4512-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/3"
},
{
"name": "openSUSE-SU-2019:2059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-4191-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "USN-4191-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "GLSA-202003-66",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html"
},
{
"name": "[oss-security] 20190703 CVE-2019-13164 Qemu: qemu-bridge-helper ACL bypassed with long interface names",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/02/2"
},
{
"name": "http://www.openwall.com/lists/oss-security/2019/07/02/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2019/07/02/2"
},
{
"name": "109054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109054"
},
{
"name": "20190825 [SECURITY] [DSA 4506-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/41"
},
{
"name": "DSA-4506",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4506"
},
{
"name": "openSUSE-SU-2019:2041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html"
},
{
"name": "DSA-4512",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4512"
},
{
"name": "20190902 [SECURITY] [DSA 4512-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/3"
},
{
"name": "openSUSE-SU-2019:2059",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
},
{
"name": "USN-4191-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-2/"
},
{
"name": "USN-4191-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4191-1/"
},
{
"name": "GLSA-202003-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-66"
},
{
"name": "https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13164",
"datePublished": "2019-07-03T13:56:52",
"dateReserved": "2019-07-02T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2382
Vulnerability from cvelistv5
Published
2008-12-24 17:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "http://www.coresecurity.com/content/vnc-remote-dos",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2382",
"datePublished": "2008-12-24T17:00:00",
"dateReserved": "2008-05-21T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8354
Vulnerability from cvelistv5
Published
2024-09-19 10:45
Modified
2024-11-15 17:54
Severity ?
EPSS score ?
Summary
Qemu-kvm: usb: assertion failure in usb_ep_get()
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-8354 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2313497 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T13:38:43.642114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:38:51.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:23.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "affected",
"packageName": "qemu"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Antoine \"Gravis\" Assier de Pompignan (Fuzzinglabs) and Patrick Ventuzelo (Fuzzinglabs) for reporting this issue."
}
],
"datePublic": "2024-08-30T19:07:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:54:44.046Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-8354"
},
{
"name": "RHBZ#2313497",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313497"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-19T08:42:45.570000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-08-30T19:07:00+00:00",
"value": "Made public."
}
],
"title": "Qemu-kvm: usb: assertion failure in usb_ep_get()",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-8354",
"datePublished": "2024-09-19T10:45:06.191Z",
"dateReserved": "2024-08-30T15:57:27.206Z",
"dateUpdated": "2024-11-15T17:54:44.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12829
Vulnerability from cvelistv5
Published
2020-08-31 14:41
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1808510 | x_refsource_MISC | |
| https://www.debian.org/security/2020/dsa-4760 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-07T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510"
},
{
"name": "DSA-4760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4760"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12829",
"datePublished": "2020-08-31T14:41:14",
"dateReserved": "2020-05-13T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1711
Vulnerability from cvelistv5
Published
2020-02-11 19:42
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/23/3"
},
{
"name": "USN-4283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4283-1/"
},
{
"name": "RHSA-2020:0669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0669"
},
{
"name": "RHSA-2020:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0773"
},
{
"name": "RHSA-2020:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"name": "RHSA-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0731"
},
{
"name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "GLSA-202005-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-02"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "All qemu versions 2.12.0 before 4.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-13T20:06:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/23/3"
},
{
"name": "USN-4283-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4283-1/"
},
{
"name": "RHSA-2020:0669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0669"
},
{
"name": "RHSA-2020:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0773"
},
{
"name": "RHSA-2020:0730",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"name": "RHSA-2020:0731",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0731"
},
{
"name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "GLSA-202005-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-02"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "All qemu versions 2.12.0 before 4.2.1"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.7/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1711"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/01/23/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/01/23/3"
},
{
"name": "USN-4283-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4283-1/"
},
{
"name": "RHSA-2020:0669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0669"
},
{
"name": "RHSA-2020:0773",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0773"
},
{
"name": "RHSA-2020:0730",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0730"
},
{
"name": "RHSA-2020:0731",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0731"
},
{
"name": "[debian-lts-announce] 20200316 [SECURITY] [DLA 2144-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00017.html"
},
{
"name": "openSUSE-SU-2020:0468",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "GLSA-202005-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-02"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1711",
"datePublished": "2020-02-11T19:42:48",
"dateReserved": "2019-11-27T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3544
Vulnerability from cvelistv5
Published
2021-06-02 13:30
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/05/31/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1958935 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0008/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4980 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:06.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958935"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All QEMU versions up to and including 6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:10:27",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958935"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3544",
"datePublished": "2021-06-02T13:30:24",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T17:01:06.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5106
Vulnerability from cvelistv5
Published
2016-09-02 14:00
Modified
2024-08-06 00:53
Severity ?
EPSS score ?
Summary
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-3047-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/26/8 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-3047-2 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/05/25/6 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1339578 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:53:47.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/8"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH 1/3] scsi: megasas: use appropriate property buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339578"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "[oss-security] 20160526 Re: CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/26/8"
},
{
"name": "[qemu-devel] 20160525 [Qemu-devel] [PATCH 1/3] scsi: megasas: use appropriate property buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160525 CVE Request Qemu: scsi: megasas: out-of-bounds write while setting controller properties",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/25/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1339578"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5106",
"datePublished": "2016-09-02T14:00:00",
"dateReserved": "2016-05-26T00:00:00",
"dateUpdated": "2024-08-06T00:53:47.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2615
Vulnerability from cvelistv5
Published
2018-07-02 18:00
Modified
2024-08-05 14:02
Severity ?
EPSS score ?
Summary
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:06.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0329",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"
},
{
"name": "1037804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037804"
},
{
"name": "RHSA-2017:0328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "95990",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95990"
},
{
"name": "RHSA-2017:0333",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name": "GLSA-201702-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-27"
},
{
"name": "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"
},
{
"name": "RHSA-2017:0454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"name": "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"
},
{
"name": "RHSA-2017:0331",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2017:0396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name": "RHSA-2017:0309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2017:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"name": "RHSA-2017:0330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name": "RHSA-2017:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "display",
"vendor": "qemu",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0329",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name": "RHSA-2017:0334",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"
},
{
"name": "1037804",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037804"
},
{
"name": "RHSA-2017:0328",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "95990",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95990"
},
{
"name": "RHSA-2017:0333",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name": "GLSA-201702-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-27"
},
{
"name": "[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"
},
{
"name": "RHSA-2017:0454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"name": "[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"
},
{
"name": "RHSA-2017:0331",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"name": "GLSA-201702-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "RHSA-2017:0350",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name": "RHSA-2017:0396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name": "RHSA-2017:0309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"name": "RHSA-2017:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"name": "RHSA-2017:0330",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name": "RHSA-2017:0332",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220771"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2615",
"datePublished": "2018-07-02T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T14:02:06.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3712
Vulnerability from cvelistv5
Published
2016-05-11 21:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xenbits.xen.org/xsa/advisory-179.html | x_refsource_CONFIRM | |
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2017-0621.html | vendor-advisory, x_refsource_REDHAT | |
| http://support.citrix.com/article/CTX212736 | x_refsource_CONFIRM | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/05/09/4 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1035794 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://rhn.redhat.com/errata/RHSA-2016-2585.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2016/dsa-3573 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/90314 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2017:0621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0621.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "[Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/4"
},
{
"name": "1035794",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035794"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2016:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"name": "DSA-3573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3573"
},
{
"name": "90314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90314"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-179.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2017:0621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0621.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX212736"
},
{
"name": "[Qemu-devel] 20160509 [PULL 5/5] vga: make sure vga register setup for vbe stays intact (CVE-2016-3712).",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg01196.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-3712 Qemu: vga: out-of-bounds read and integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/4"
},
{
"name": "1035794",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035794"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "RHSA-2016:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"name": "DSA-3573",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3573"
},
{
"name": "90314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3712",
"datePublished": "2016-05-11T21:00:00",
"dateReserved": "2016-03-30T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4207
Vulnerability from cvelistv5
Published
2022-04-29 16:07
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2036966 | x_refsource_MISC | |
| https://starlabs.sg/advisories/21-4207/ | x_refsource_MISC | |
| https://www.debian.org/security/2022/dsa-5133 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036966"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/21-4207/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor-\u003eheader.width` and `cursor-\u003eheader.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362-\u003eCWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036966"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://starlabs.sg/advisories/21-4207/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 7.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor-\u003eheader.width` and `cursor-\u003eheader.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362-\u003eCWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2036966",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036966"
},
{
"name": "https://starlabs.sg/advisories/21-4207/",
"refsource": "MISC",
"url": "https://starlabs.sg/advisories/21-4207/"
},
{
"name": "DSA-5133",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4207",
"datePublished": "2022-04-29T16:07:33",
"dateReserved": "2022-01-13T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1568
Vulnerability from cvelistv5
Published
2016-04-08 16:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0086.html"
},
{
"name": "[oss-security] 20160109 Re: Qemu: ide: ahci use-after-free vulnerability in aio port commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/09/2"
},
{
"name": "80191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab"
},
{
"name": "1034859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034859"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "RHSA-2016:0087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0087.html"
},
{
"name": "RHSA-2016:0084",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0084.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "RHSA-2016:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0088.html"
},
{
"name": "[oss-security] 20160109 Qemu: ide: ahci use-after-free vulnerability in aio port commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/09/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:0086",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0086.html"
},
{
"name": "[oss-security] 20160109 Re: Qemu: ide: ahci use-after-free vulnerability in aio port commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/09/2"
},
{
"name": "80191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab"
},
{
"name": "1034859",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034859"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "RHSA-2016:0087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0087.html"
},
{
"name": "RHSA-2016:0084",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0084.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "RHSA-2016:0088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0088.html"
},
{
"name": "[oss-security] 20160109 Qemu: ide: ahci use-after-free vulnerability in aio port commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/09/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1568",
"datePublished": "2016-04-08T16:00:00",
"dateReserved": "2016-01-09T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8667
Vulnerability from cvelistv5
Published
2016-11-04 21:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/15/4 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93567 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2016/10/14/6 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/4"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "93567",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93567"
},
{
"name": "[qemu-devel] 20161012 [PATCH] dma: rc4030: limit interval timer reload value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161015 Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/15/4"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "93567",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93567"
},
{
"name": "[qemu-devel] 20161012 [PATCH] dma: rc4030: limit interval timer reload value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[oss-security] 20161014 CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/14/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8667",
"datePublished": "2016-11-04T21:00:00",
"dateReserved": "2016-10-15T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20221
Vulnerability from cvelistv5
Published
2021-05-13 15:34
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/02/05/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1924601 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210708-0005/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to, including qemu 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:40",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20221",
"datePublished": "2021-05-13T15:34:48",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9913
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94729 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201701-49 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/12/06/11 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/12/08/7 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "94729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94729"
},
{
"name": "[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html"
},
{
"name": "GLSA-201701-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/06/11"
},
{
"name": "[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/08/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4774718e5c194026ba5ee7a28d9be49be3080e42"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9913",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-12-08T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-29443
Vulnerability from cvelistv5
Published
2021-01-22 07:05
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/01/18/2 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210304-0003/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:09.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/18/2"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0003/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/18/2"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0003/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2021/01/18/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2021/01/18/2"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0003/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29443",
"datePublished": "2021-01-22T07:05:46",
"dateReserved": "2020-12-01T00:00:00",
"dateUpdated": "2024-08-04T16:55:09.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1981
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.debian.org/security/2016/dsa-3469 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.debian.org/security/2016/dsa-3470 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.openwall.com/lists/oss-security/2016/01/19/10 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1298570 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/22/1 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2016-2585.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/81549 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298570"
},
{
"name": "[oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/1"
},
{
"name": "RHSA-2016:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "81549",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[qemu-devel] 20160119 [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "[oss-security] 20160119 CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298570"
},
{
"name": "[oss-security] 20160122 Re: CVE request Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/1"
},
{
"name": "RHSA-2016:2585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2585.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "81549",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81549"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1981",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-21T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4145
Vulnerability from cvelistv5
Published
2022-01-25 19:11
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2034602 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220311-0004/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220311-0004/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 6.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it\u0027s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:12:08",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220311-0004/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 6.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it\u0027s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2034602",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034602"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220311-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220311-0004/"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4145",
"datePublished": "2022-01-25T19:11:14",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6693
Vulnerability from cvelistv5
Published
2024-01-02 09:15
Modified
2024-11-15 15:15
Severity ?
EPSS score ?
Summary
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:2962 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6693 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2254580 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6693"
},
{
"name": "RHBZ#2254580",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Xiao Lei (Zhejiang University) for reporting this issue."
}
],
"datePublic": "2024-01-02T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:15:02.684Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6693"
},
{
"name": "RHBZ#2254580",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-11T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6693",
"datePublished": "2024-01-02T09:15:08.280Z",
"dateReserved": "2023-12-11T17:20:44.491Z",
"dateUpdated": "2024-11-15T15:15:02.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0143
Vulnerability from cvelistv5
Published
2017-08-10 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079140"
},
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079140"
},
{
"name": "RHSA-2014:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"name": "RHSA-2014:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e3737b820b45e54b059656dc3f914f895ac7a88b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=afbcc40bee4ef51731102d7d4b499ee12fc182e1"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=509a41bab5306181044b5fff02eadf96d9c8676a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8f4754ede56e3f9ea3fd7207f4a7c4453e59285b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=db8a31d11d6a60f48d6817530640d75aa72a9a2f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=cab60de930684c33f67d4e32c7509b567f8c445b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0143",
"datePublished": "2017-08-10T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27617
Vulnerability from cvelistv5
Published
2020-11-06 07:51
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/11/02/1 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20201202-0002/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:44.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/02/1"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/02/1"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/11/02/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/11/02/1"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201202-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201202-0002/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27617",
"datePublished": "2020-11-06T07:51:37",
"dateReserved": "2020-10-22T00:00:00",
"dateUpdated": "2024-08-04T16:18:44.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-3567
Vulnerability from cvelistv5
Published
2024-04-10 14:32
Modified
2024-11-15 17:53
Severity ?
EPSS score ?
Summary
Qemu-kvm: net: assertion failure in update_sctp_checksum()
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-3567 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2274339 | issue-tracking, x_refsource_REDHAT | |
| https://gitlab.com/qemu-project/qemu/-/issues/2273 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-22T18:03:13.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3567"
},
{
"name": "RHBZ#2274339",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274339"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/2273"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240822-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3567",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:35:38.865793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T20:02:50.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu/",
"defaultStatus": "unaffected",
"packageName": "net",
"versions": [
{
"status": "affected",
"version": "8.2.92"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-04-08T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:53:40.228Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3567"
},
{
"name": "RHBZ#2274339",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274339"
},
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/2273"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu-kvm: net: assertion failure in update_sctp_checksum()",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-3567",
"datePublished": "2024-04-10T14:32:02.343Z",
"dateReserved": "2024-04-10T07:32:56.203Z",
"dateUpdated": "2024-11-15T17:53:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3180
Vulnerability from cvelistv5
Published
2023-08-03 14:31
Modified
2024-09-25 19:56
Severity ?
EPSS score ?
Summary
Heap buffer overflow in virtio_crypto_sym_op_helper()
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3180"
},
{
"name": "RHBZ#2222424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:56:22.741782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:56:37.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-08-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:29:25.701Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3180"
},
{
"name": "RHBZ#2222424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Heap buffer overflow in virtio_crypto_sym_op_helper()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3180",
"datePublished": "2023-08-03T14:31:36.083Z",
"dateReserved": "2023-06-09T08:30:43.335Z",
"dateUpdated": "2024-09-25T19:56:37.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3546
Vulnerability from cvelistv5
Published
2021-06-02 13:30
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/05/31/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1958978 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0008/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4980 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All QEMU versions up to and including 6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the \u0027VIRTIO_GPU_CMD_GET_CAPSET\u0027 command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T19:06:27",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210531 QEMU: security issues in vhost-user-gpu",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/31/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0008/"
},
{
"name": "DSA-4980",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4980"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3546",
"datePublished": "2021-06-02T13:30:30",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6399
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6399",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1750
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2230",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2011/dsa-2230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d"
},
{
"name": "RHSA-2011:0534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html"
},
{
"name": "[Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html"
},
{
"name": "44393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44393"
},
{
"name": "44658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44658"
},
{
"name": "SUSE-SU-2011:0533",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/8572547"
},
{
"name": "kvm-virtioblk-priv-escalation(67062)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67062"
},
{
"name": "44660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44660"
},
{
"name": "[Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html"
},
{
"name": "73756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73756"
},
{
"name": "USN-1145-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/USN-1145-1/"
},
{
"name": "44900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44900"
},
{
"name": "openSUSE-SU-2011:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html"
},
{
"name": "44132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44132"
},
{
"name": "FEDORA-2012-8604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2230",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2011/dsa-2230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=virt/kvm/qemu-kvm.git%3Ba=commitdiff%3Bh=52c050236eaa4f0b5e1d160cd66dc18106445c4d"
},
{
"name": "RHSA-2011:0534",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0534.html"
},
{
"name": "[Qemu-devel] 20110330 virtio-blk.c handling of i/o which is not a 512 multiple",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03015.html"
},
{
"name": "44393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44393"
},
{
"name": "44658",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44658"
},
{
"name": "SUSE-SU-2011:0533",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/8572547"
},
{
"name": "kvm-virtioblk-priv-escalation(67062)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67062"
},
{
"name": "44660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44660"
},
{
"name": "[Qemu-devel] 20110330 Re: virtio-blk.c handling of i/o which is not a 512 multiple",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2011-03/msg03019.html"
},
{
"name": "73756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73756"
},
{
"name": "USN-1145-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/USN-1145-1/"
},
{
"name": "44900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44900"
},
{
"name": "openSUSE-SU-2011:0510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00043.html"
},
{
"name": "44132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44132"
},
{
"name": "FEDORA-2012-8604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1750",
"datePublished": "2012-06-21T15:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2016
Vulnerability from cvelistv5
Published
2019-12-30 21:47
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2013-2016 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2013-2016 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/04/29/5 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/04/29/6 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/59541 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83850 | x_refsource_MISC | |
| https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| qemu | qemu (virtio-rng) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-2016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83850"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu (virtio-rng)",
"vendor": "qemu",
"versions": [
{
"status": "affected",
"version": "v1.3.0 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host\u0027s qemu address space and thus increase their privileges on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T14:29:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-2016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/59541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83850"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2016",
"datePublished": "2019-12-30T21:47:07",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13765
Vulnerability from cvelistv5
Published
2020-06-04 15:26
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2020/06/03/6 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200619-0006/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/03/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0006/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T19:58:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/03/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0006/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=e423455c4f23a1a828901c78fe6d03b7dde79319",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=e423455c4f23a1a828901c78fe6d03b7dde79319"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/06/03/6",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/06/03/6"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200619-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200619-0006/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/4f1c6cb2f9afafda05eab150fd2bd284edce6676"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13765",
"datePublished": "2020-06-04T15:26:17",
"dateReserved": "2020-06-02T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0011
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 21:36
Severity ?
EPSS score ?
Summary
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43733 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2011/01/11/1 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2011/01/12/2 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/44393 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2011/01/10/3 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2011-0345.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.osvdb.org/70992 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65215 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/42830 | third-party-advisory, x_refsource_SECUNIA | |
| http://ubuntu.com/usn/usn-1063-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197 | x_refsource_MISC | |
| http://secunia.com/advisories/43272 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43733"
},
{
"name": "[oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/11/1"
},
{
"name": "[oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/12/2"
},
{
"name": "44393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44393"
},
{
"name": "[oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/10/3"
},
{
"name": "RHSA-2011:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0345.html"
},
{
"name": "70992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70992"
},
{
"name": "qemu-vnc-security-bypass(65215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65215"
},
{
"name": "42830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42830"
},
{
"name": "USN-1063-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1063-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197"
},
{
"name": "43272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "43733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43733"
},
{
"name": "[oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/11/1"
},
{
"name": "[oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/12/2"
},
{
"name": "44393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44393"
},
{
"name": "[oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/01/10/3"
},
{
"name": "RHSA-2011:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-0345.html"
},
{
"name": "70992",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70992"
},
{
"name": "qemu-vnc-security-bypass(65215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65215"
},
{
"name": "42830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42830"
},
{
"name": "USN-1063-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1063-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197"
},
{
"name": "43272",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43272"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0011",
"datePublished": "2012-06-21T15:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-4106
Vulnerability from cvelistv5
Published
2015-06-03 20:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2630-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX206006"
},
{
"name": "DSA-3286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"name": "SUSE-SU-2015:1156",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"name": "FEDORA-2015-9466",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"
},
{
"name": "DSA-3284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "74949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-131.html"
},
{
"name": "SUSE-SU-2015:1157",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201145"
},
{
"name": "SUSE-SU-2015:1045",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "1032467",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032467"
},
{
"name": "FEDORA-2015-9456",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"
},
{
"name": "SUSE-SU-2015:1042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"name": "FEDORA-2015-9965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-2630-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX206006"
},
{
"name": "DSA-3286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"name": "SUSE-SU-2015:1156",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"name": "FEDORA-2015-9466",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"
},
{
"name": "DSA-3284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "74949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-131.html"
},
{
"name": "SUSE-SU-2015:1157",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX201145"
},
{
"name": "SUSE-SU-2015:1045",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "1032467",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032467"
},
{
"name": "FEDORA-2015-9456",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"
},
{
"name": "SUSE-SU-2015:1042",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"name": "FEDORA-2015-9965",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2630-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2630-1"
},
{
"name": "https://support.citrix.com/article/CTX206006",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX206006"
},
{
"name": "DSA-3286",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"name": "SUSE-SU-2015:1156",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"name": "FEDORA-2015-9466",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"
},
{
"name": "DSA-3284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"name": "74949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74949"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-131.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-131.html"
},
{
"name": "SUSE-SU-2015:1157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"name": "http://support.citrix.com/article/CTX201145",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201145"
},
{
"name": "SUSE-SU-2015:1045",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "1032467",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032467"
},
{
"name": "FEDORA-2015-9456",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"
},
{
"name": "SUSE-SU-2015:1042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"name": "FEDORA-2015-9965",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4106",
"datePublished": "2015-06-03T20:00:00",
"dateReserved": "2015-05-27T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2007
Vulnerability from cvelistv5
Published
2013-05-21 18:00
Modified
2024-08-06 15:20
Severity ?
EPSS score ?
Summary
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html | vendor-advisory, x_refsource_SUSE | |
| http://osvdb.org/93032 | vdb-entry, x_refsource_OSVDB | |
| https://bugzilla.redhat.com/show_bug.cgi?id=956082 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1028521 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/59675 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2013/05/06/5 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/53325 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84047 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2013-0791.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-0896.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:1202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html"
},
{
"name": "93032",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/93032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082"
},
{
"name": "1028521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028521"
},
{
"name": "59675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59675"
},
{
"name": "[oss-security] 20130506 Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/06/5"
},
{
"name": "53325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53325"
},
{
"name": "qemu-cve20132007-priv-esc(84047)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047"
},
{
"name": "RHSA-2013:0791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html"
},
{
"name": "RHSA-2013:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2013:1202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html"
},
{
"name": "93032",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/93032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082"
},
{
"name": "1028521",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028521"
},
{
"name": "59675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59675"
},
{
"name": "[oss-security] 20130506 Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/06/5"
},
{
"name": "53325",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53325"
},
{
"name": "qemu-cve20132007-priv-esc(84047)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047"
},
{
"name": "RHSA-2013:0791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html"
},
{
"name": "RHSA-2013:0896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2007",
"datePublished": "2013-05-21T18:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:20:37.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20181
Vulnerability from cvelistv5
Published
2021-05-13 15:24
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-21-159/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1927007 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210720-0009/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0009/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to, including 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367-\u003eCWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210720-0009/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20181",
"datePublished": "2021-05-13T15:24:15",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5279
Vulnerability from cvelistv5
Published
2015-09-28 16:00
Modified
2024-08-06 06:41
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3361"
},
{
"name": "FEDORA-2015-16369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"name": "FEDORA-2015-16370",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"name": "[oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/3"
},
{
"name": "[Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html"
},
{
"name": "RHSA-2015:1896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1896.html"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-16368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "RHSA-2015:1924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1924.html"
},
{
"name": "76746",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76746"
},
{
"name": "DSA-3362",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3362"
},
{
"name": "1033569",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033569"
},
{
"name": "RHSA-2015:1923",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1923.html"
},
{
"name": "RHSA-2015:1925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1925.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:02:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3361",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3361"
},
{
"name": "FEDORA-2015-16369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html"
},
{
"name": "FEDORA-2015-16370",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html"
},
{
"name": "[oss-security] 20150915 CVE-2015-5279 Qemu: net: add checks to validate ring buffer pointers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/3"
},
{
"name": "[Qemu-devel] 20150915 [PULL 2/3] net: add checks to validate ring buffer pointers",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html"
},
{
"name": "RHSA-2015:1896",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1896.html"
},
{
"name": "SUSE-SU-2015:1782",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-16368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name": "RHSA-2015:1924",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1924.html"
},
{
"name": "76746",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76746"
},
{
"name": "DSA-3362",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3362"
},
{
"name": "1033569",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033569"
},
{
"name": "RHSA-2015:1923",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1923.html"
},
{
"name": "RHSA-2015:1925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1925.html"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5279",
"datePublished": "2015-09-28T16:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7909
Vulnerability from cvelistv5
Published
2016-10-05 16:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93275 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/10/03/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/10/03/3 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:20.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93275"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161003 Re: CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/6"
},
{
"name": "[oss-security] 20161003 CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/3"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160930 [PATCH 1/2] net: pcnet: check rx/tx descriptor ring length",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93275"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161003 Re: CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/6"
},
{
"name": "[oss-security] 20161003 CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/3"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160930 [PATCH 1/2] net: pcnet: check rx/tx descriptor ring length",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7909",
"datePublished": "2016-10-05T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:20.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7907
Vulnerability from cvelistv5
Published
2016-10-05 16:00
Modified
2024-08-06 02:13
Severity ?
EPSS score ?
Summary
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/03/1 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201611-11 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93274 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2016/10/03/4 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:20.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161003 CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/1"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160922 [PATCH v2] net: imx: limit buffer descriptor count",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html"
},
{
"name": "93274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93274"
},
{
"name": "[oss-security] 20161003 Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161003 CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/1"
},
{
"name": "GLSA-201611-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "openSUSE-SU-2016:3237",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20160922 [PATCH v2] net: imx: limit buffer descriptor count",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html"
},
{
"name": "93274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93274"
},
{
"name": "[oss-security] 20161003 Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/10/03/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7907",
"datePublished": "2016-10-05T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:20.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1320
Vulnerability from cvelistv5
Published
2007-05-02 17:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "FEDORA-2008-4386",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html"
},
{
"name": "oval:org.mitre.oval:def:10315",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315"
},
{
"name": "35494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35494"
},
{
"name": "27047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27047"
},
{
"name": "FEDORA-2008-4604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "27085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27085"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "30413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30413"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "27103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27103"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "RHSA-2007:0323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "FEDORA-2007-713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
},
{
"name": "DSA-1384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to \"attempting to mark non-existent regions as dirty,\" aka the \"bitblt\" heap overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "FEDORA-2008-4386",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html"
},
{
"name": "oval:org.mitre.oval:def:10315",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315"
},
{
"name": "35494",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35494"
},
{
"name": "27047",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27047"
},
{
"name": "FEDORA-2008-4604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html"
},
{
"name": "DSA-1284",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25073"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "27085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27085"
},
{
"name": "SUSE-SR:2009:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "30413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30413"
},
{
"name": "33568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33568"
},
{
"name": "ADV-2007-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "27103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27103"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
},
{
"name": "RHSA-2007:0323",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
},
{
"name": "25095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25095"
},
{
"name": "FEDORA-2007-713",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
},
{
"name": "DSA-1384",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to \"attempting to mark non-existent regions as dirty,\" aka the \"bitblt\" heap overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23731"
},
{
"name": "MDKSA-2007:203",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
},
{
"name": "FEDORA-2008-4386",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html"
},
{
"name": "oval:org.mitre.oval:def:10315",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315"
},
{
"name": "35494",
"refsource": "OSVDB",
"url": "http://osvdb.org/35494"
},
{
"name": "27047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27047"
},
{
"name": "FEDORA-2008-4604",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html"
},
{
"name": "DSA-1284",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1284"
},
{
"name": "25073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25073"
},
{
"name": "http://taviso.decsystem.org/virtsec.pdf",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/virtsec.pdf"
},
{
"name": "27486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27486"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "27085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27085"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "30413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30413"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "ADV-2007-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1597"
},
{
"name": "27103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27103"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
},
{
"name": "RHSA-2007:0323",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
},
{
"name": "25095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25095"
},
{
"name": "FEDORA-2007-713",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
},
{
"name": "DSA-1384",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1320",
"datePublished": "2007-05-02T17:00:00",
"dateReserved": "2007-03-07T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24352
Vulnerability from cvelistv5
Published
2020-10-16 05:05
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1847584 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201123-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201123-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T11:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201123-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847584"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201123-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201123-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24352",
"datePublished": "2020-10-16T05:05:13",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8284
Vulnerability from cvelistv5
Published
2017-04-26 14:00
Modified
2024-09-16 18:03
Severity ?
EPSS score ?
Summary
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 | x_refsource_MISC | |
| https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated \"this bug does not violate any security guarantees QEMU makes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-26T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated \"this bug does not violate any security guarantees QEMU makes.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1122",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1122"
},
{
"name": "https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8284",
"datePublished": "2017-04-26T14:00:00Z",
"dateReserved": "2017-04-26T00:00:00Z",
"dateUpdated": "2024-09-16T18:03:56.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3527
Vulnerability from cvelistv5
Published
2021-05-26 21:13
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1955695 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/05/05/5 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210708-0008/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955695"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/05/05/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0008/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:17",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955695"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/05/05/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0008/"
},
{
"name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3527",
"datePublished": "2021-05-26T21:13:56",
"dateReserved": "2021-04-30T00:00:00",
"dateUpdated": "2024-08-03T17:01:07.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0222
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/67357 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2014/dsa-3044 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html | vendor-advisory, x_refsource_FEDORA | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html"
},
{
"name": "SUSE-SU-2015:0929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "67357",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67357"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "openSUSE-SU-2015:1965",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
},
{
"name": "FEDORA-2014-6970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-devel] 20140512 [PATCH 3/5] qcow1: Validate L2 table size (CVE-2014-0222)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html"
},
{
"name": "SUSE-SU-2015:0929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "67357",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67357"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "openSUSE-SU-2015:1965",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
},
{
"name": "FEDORA-2014-6970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0222",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6501
Vulnerability from cvelistv5
Published
2019-03-17 16:51
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/01/24/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20190411-0006/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:2166 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2425 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2553 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MLIST [oss-security] 20190124 CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/1"
},
{
"name": "[Qemu-devel][PATCH] 20190111 scsi-generic: avoid possible out-of-bounds access to r-\u003ebuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "RHSA-2019:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T11:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MLIST [oss-security] 20190124 CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/1"
},
{
"name": "[Qemu-devel][PATCH] 20190111 scsi-generic: avoid possible out-of-bounds access to r-\u003ebuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html"
},
{
"name": "FEDORA-2019-0664c7724d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "RHSA-2019:2166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MLIST [oss-security] 20190124 CVE-2019-6501 QEMU: scsi-generic: possible OOB access while handling inquiry request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/01/24/1"
},
{
"name": "[Qemu-devel][PATCH] 20190111 scsi-generic: avoid possible out-of-bounds access to r-\u003ebuf",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html"
},
{
"name": "FEDORA-2019-0664c7724d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190411-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190411-0006/"
},
{
"name": "RHSA-2019:2166",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2166"
},
{
"name": "RHSA-2019:2425",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2425"
},
{
"name": "RHSA-2019:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2553"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6501",
"datePublished": "2019-03-17T16:51:48",
"dateReserved": "2019-01-21T00:00:00",
"dateUpdated": "2024-08-04T20:23:22.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10761
Vulnerability from cvelistv5
Published
2020-06-09 12:07
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2020/06/09/1 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html | vendor-advisory, x_refsource_SUSE | |
| https://security.netapp.com/advisory/ntap-20200731-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/09/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0001/"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU:",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "all QEMU versions before QEMU 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/06/09/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0001/"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU:",
"version": {
"version_data": [
{
"version_value": "all QEMU versions before QEMU 5.0.1"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/06/09/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/06/09/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761"
},
{
"name": "openSUSE-SU-2020:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0001/"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10761",
"datePublished": "2020-06-09T12:07:53",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:14:14.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0144
Vulnerability from cvelistv5
Published
2020-02-11 02:13
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vulnerabilitycenter.com/#%21vul=44767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:38:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vulnerabilitycenter.com/#%21vul=44767"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0144",
"datePublished": "2020-02-11T02:13:14",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2198
Vulnerability from cvelistv5
Published
2016-12-29 22:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/01/30/2 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301643 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/01/29/6 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160130 Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/30/2"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301643"
},
{
"name": "[oss-security] 20160129 CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/29/6"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[qemu-devel] 20160129 [PATCH] usb: ehci: add capability mmio write function",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160130 Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/30/2"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301643"
},
{
"name": "[oss-security] 20160129 CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/01/29/6"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "[qemu-devel] 20160129 [PATCH] usb: ehci: add capability mmio write function",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg05899.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2198",
"datePublished": "2016-12-29T22:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-17380
Vulnerability from cvelistv5
Published
2021-01-30 05:38
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1862167 | x_refsource_CONFIRM | |
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2021/03/09/1 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210312-0003/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:16.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html"
},
{
"name": "[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0003/"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-11T00:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html"
},
{
"name": "[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0003/"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-17380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1862167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1862167"
},
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html",
"refsource": "CONFIRM",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html"
},
{
"name": "[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0003/"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17380",
"datePublished": "2021-01-30T05:38:01",
"dateReserved": "2020-08-07T00:00:00",
"dateUpdated": "2024-08-04T13:53:16.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4150
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0927.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eea750a5623ddac7a61982eec8f1c93481857578 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eea750a5623ddac7a61982eec8f1c93481857578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eea750a5623ddac7a61982eec8f1c93481857578"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4150",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5088
Vulnerability from cvelistv5
Published
2023-11-03 13:58
Modified
2024-11-15 16:33
Severity ?
EPSS score ?
Summary
Qemu: improper ide controller reset can lead to mbr overwrite
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:2135 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2962 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5088 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2247283 | issue-tracking, x_refsource_REDHAT | |
| https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/ |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5088"
},
{
"name": "RHBZ#2247283",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247283"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17:8.2.0-11.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
}
],
"datePublic": "2023-09-21T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM\u0027s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-821",
"description": "Incorrect Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:33:27.071Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5088"
},
{
"name": "RHBZ#2247283",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247283"
},
{
"url": "https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-21T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: improper ide controller reset can lead to mbr overwrite",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-821: Incorrect Synchronization"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5088",
"datePublished": "2023-11-03T13:58:50.085Z",
"dateReserved": "2023-09-20T14:21:47.295Z",
"dateUpdated": "2024-11-15T16:33:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11947
Vulnerability from cvelistv5
Published
2020-12-31 00:13
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/01/13/4 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210212-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5"
},
{
"name": "[oss-security] 20210113 CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T10:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5"
},
{
"name": "[oss-security] 20210113 CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210212-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5"
},
{
"name": "[oss-security] 20210113 CVE-2020-11947 QEMU: heap buffer overflow in iSCSI block driver may lead to information disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/13/4"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210212-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11947",
"datePublished": "2020-12-31T00:13:30",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15034
Vulnerability from cvelistv5
Published
2020-03-10 17:19
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2020/dsa-4665 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/4372-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "USN-4372-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4372-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-28T22:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "USN-4372-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4372-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html"
},
{
"name": "openSUSE-SU-2020:0468",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "USN-4372-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4372-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15034",
"datePublished": "2020-03-10T17:19:02",
"dateReserved": "2019-08-14T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5683
Vulnerability from cvelistv5
Published
2018-01-23 18:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2162 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2018:0816 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/102518 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2018/01/15/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "102518",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102518"
},
{
"name": "[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/01/15/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:2162",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "102518",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102518"
},
{
"name": "[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/01/15/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2162",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2162"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "102518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102518"
},
{
"name": "[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/01/15/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5683",
"datePublished": "2018-01-23T18:00:00",
"dateReserved": "2018-01-13T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20196
Vulnerability from cvelistv5
Published
2021-05-26 21:16
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.launchpad.net/qemu/+bug/1912780 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/01/28/1 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210708-0004/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1912780"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/28/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0004/"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "vulnerable up to (including) qemu 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1912780"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/28/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0004/"
},
{
"name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20196",
"datePublished": "2021-05-26T21:16:58",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14415
Vulnerability from cvelistv5
Published
2020-08-27 15:31
Modified
2024-08-04 12:46
Severity ?
EPSS score ?
Summary
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f013dd357 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f013dd357"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-27T15:31:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f013dd357"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14415",
"datePublished": "2020-08-27T15:31:38",
"dateReserved": "2020-06-18T00:00:00",
"dateUpdated": "2024-08-04T12:46:34.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4148
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=71f7fe48e10a8437c9d42d859389f37157f59980"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4148",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20126
Vulnerability from cvelistv5
Published
2018-12-20 21:00
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2018/12/19/4 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/106298 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/3923-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20181219 CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/4"
},
{
"name": "[qemu-devel] 20181213 [PATCH v2 4/6] pvrdma: release ring object in case of an error",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html"
},
{
"name": "106298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106298"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T15:06:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20181219 CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/4"
},
{
"name": "[qemu-devel] 20181213 [PATCH v2 4/6] pvrdma: release ring object in case of an error",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html"
},
{
"name": "106298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106298"
},
{
"name": "USN-3923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "openSUSE-SU-2019:2510",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181219 CVE-2018-20126 QEMU: pvrdma: memory leakage when creating cq/qp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/4"
},
{
"name": "[qemu-devel] 20181213 [PATCH v2 4/6] pvrdma: release ring object in case of an error",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html"
},
{
"name": "106298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106298"
},
{
"name": "USN-3923-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3923-1/"
},
{
"name": "openSUSE-SU-2019:2510",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html"
},
{
"name": "openSUSE-SU-2019:2505",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00038.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20126",
"datePublished": "2018-12-20T21:00:00",
"dateReserved": "2018-12-13T00:00:00",
"dateUpdated": "2024-08-05T11:51:19.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3255
Vulnerability from cvelistv5
Published
2023-09-13 16:12
Modified
2024-11-15 16:27
Severity ?
EPSS score ?
Summary
Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:2135 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2962 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-3255 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2218486 | issue-tracking, x_refsource_REDHAT |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3255"
},
{
"name": "RHBZ#2218486",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218486"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt-devel:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "virt:rhel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020240314161907.e155f54d",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17:8.2.0-11.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Kevin Denis (Synacktiv) for reporting this issue."
}
],
"datePublic": "2023-07-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T16:27:18.857Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2135"
},
{
"name": "RHSA-2024:2962",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2962"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3255"
},
{
"name": "RHBZ#2218486",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218486"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service",
"x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3255",
"datePublished": "2023-09-13T16:12:52.294Z",
"dateReserved": "2023-06-14T21:08:31.376Z",
"dateUpdated": "2024-11-15T16:27:18.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4002
Vulnerability from cvelistv5
Published
2016-04-26 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326082"
},
{
"name": "85992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85992"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160412 CVE Request: Qemu: net: buffer overflow in MIPSnet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/6"
},
{
"name": "FEDORA-2016-35d7b09908",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"name": "FEDORA-2016-75063477ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160412 Re: CVE Request: Qemu: net: buffer overflow in MIPSnet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/7"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[Qemu-devel] 20160407 [PATCH] net: mipsnet: check packet length against buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326082"
},
{
"name": "85992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85992"
},
{
"name": "FEDORA-2016-48e72b7bc5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160412 CVE Request: Qemu: net: buffer overflow in MIPSnet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/11/6"
},
{
"name": "FEDORA-2016-35d7b09908",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html"
},
{
"name": "FEDORA-2016-75063477ca",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160412 Re: CVE Request: Qemu: net: buffer overflow in MIPSnet emulator",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/12/7"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[Qemu-devel] 20160407 [PATCH] net: mipsnet: check packet length against buffer",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4002",
"datePublished": "2016-04-26T14:00:00",
"dateReserved": "2016-04-12T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20255
Vulnerability from cvelistv5
Published
2021-03-09 19:14
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1930646 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/02/25/1 | x_refsource_MISC | |
| https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210507-0003/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930646"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-07T04:06:34",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930646"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1"
},
{
"name": "[debian-lts-announce] 20210410 [SECURITY] [DLA 2623-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210507-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20255",
"datePublished": "2021-03-09T19:14:05",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24165
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-08-04 15:05
Severity ?
EPSS score ?
Summary
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1863025"
},
{
"tags": [
"x_transferred"
],
"url": "https://pastebin.com/iqCbjdT8"
},
{
"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T20:27:42.455290",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.launchpad.net/qemu/+bug/1863025"
},
{
"url": "https://pastebin.com/iqCbjdT8"
},
{
"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0012/"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24165",
"datePublished": "2023-08-28T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:05:11.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4531
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4531",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20257
Vulnerability from cvelistv5
Published
2022-03-16 14:12
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2021/02/25/2 | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html | x_refsource_MISC | |
| https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1930087 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220425-0003/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930087"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed-In v6.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:44",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930087"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20257",
"datePublished": "2022-03-16T14:12:26",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:37:23.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4151
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c | x_refsource_CONFIRM | |
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=cc45995294b92d95319b4782750a3580cabdbc0c"
},
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4151",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15289
Vulnerability from cvelistv5
Published
2017-10-16 18:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0516",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0516"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "101262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101262"
},
{
"name": "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:0516",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0516"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "101262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101262"
},
{
"name": "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0516",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0516"
},
{
"name": "RHSA-2017:3473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "101262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101262"
},
{
"name": "[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
},
{
"name": "RHSA-2017:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2017:3471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "RHSA-2017:3368",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3368"
},
{
"name": "[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
},
{
"name": "RHSA-2017:3466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "RHSA-2017:3369",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3369"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15289",
"datePublished": "2017-10-16T18:00:00",
"dateReserved": "2017-10-12T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10839
Vulnerability from cvelistv5
Published
2018-10-16 14:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2018/dsa-4338 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/3826-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.openwall.com/lists/oss-security/2018/10/08/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:2892 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The QEMU Project | Qemu-kvm |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20180926 [PULL 21/25] ne2000: fix possible out of bound access in ne2000_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu-kvm",
"vendor": "The QEMU Project",
"versions": [
{
"status": "affected",
"version": "\u003c= 3.0.0"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu emulator \u003c= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-24T15:06:17",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10839"
},
{
"name": "DSA-4338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4338"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[oss-security] 20181008 Qemu: integer overflow issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2018/10/08/1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20180926 [PULL 21/25] ne2000: fix possible out of bound access in ne2000_receive",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10839",
"datePublished": "2018-10-16T14:00:00",
"dateReserved": "2018-05-09T00:00:00",
"dateUpdated": "2024-08-05T07:46:47.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20382
Vulnerability from cvelistv5
Published
2020-03-05 18:27
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/03/05/1 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2020/dsa-4665 | vendor-advisory, x_refsource_DEBIAN | |
| https://usn.ubuntu.com/4372-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/05/1"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "USN-4372-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4372-1/"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-26T13:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2020/03/05/1"
},
{
"name": "openSUSE-SU-2020:0468",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "DSA-4665",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "USN-4372-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4372-1/"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0",
"refsource": "MISC",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/03/05/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2020/03/05/1"
},
{
"name": "openSUSE-SU-2020:0468",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html"
},
{
"name": "DSA-4665",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4665"
},
{
"name": "USN-4372-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4372-1/"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20382",
"datePublished": "2020-03-05T18:27:21",
"dateReserved": "2020-01-20T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8106
Vulnerability from cvelistv5
Published
2014-12-08 16:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"
},
{
"name": "RHSA-2015:0795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"
},
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "FEDORA-2015-5482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name": "RHSA-2015:0891",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"
},
{
"name": "71477",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71477"
},
{
"name": "RHSA-2015:0643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"
},
{
"name": "qemu-cve20148106-sec-bypass(99126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"
},
{
"name": "60364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60364"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "RHSA-2015:0868",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"
},
{
"name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"
},
{
"name": "DSA-3088",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "DSA-3087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3087"
},
{
"name": "RHSA-2015:0867",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20141204 CVE-2014-8106 qemu: cirrus: insufficient blit region checks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/04/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bf25983345ca44aec3dd92c57142be45452bd38a"
},
{
"name": "RHSA-2015:0795",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0795.html"
},
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "FEDORA-2015-5482",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name": "RHSA-2015:0891",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0891.html"
},
{
"name": "71477",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71477"
},
{
"name": "RHSA-2015:0643",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0643.html"
},
{
"name": "qemu-cve20148106-sec-bypass(99126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99126"
},
{
"name": "60364",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60364"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "RHSA-2015:0868",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0868.html"
},
{
"name": "[Qemu-devel] 20141204 [PULL for-2.2 0/2] cirrus: fix blit region check (cve-2014-8106)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/qemu-devel/2014-12/msg00508.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d3532a0db02296e687711b8cdc7791924efccea0"
},
{
"name": "DSA-3088",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200892"
},
{
"name": "DSA-3087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3087"
},
{
"name": "RHSA-2015:0867",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0867.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8106",
"datePublished": "2014-12-08T16:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8568
Vulnerability from cvelistv5
Published
2017-04-11 19:00
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/79721 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2015/12/15/10 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html | mailing-list, x_refsource_MLIST | |
| http://www.debian.org/security/2016/dsa-3471 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1289816 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201602-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79721",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79721"
},
{
"name": "[oss-security] 20151215 Re: CVE request Qemu: net: vmxnet3: host memory leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/10"
},
{
"name": "[qemu-devel] 20151215 Re: [Qemu-devel] net: vmxnet3: memory leakage issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289816"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "79721",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79721"
},
{
"name": "[oss-security] 20151215 Re: CVE request Qemu: net: vmxnet3: host memory leakage",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/15/10"
},
{
"name": "[qemu-devel] 20151215 Re: [Qemu-devel] net: vmxnet3: memory leakage issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289816"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-8568",
"datePublished": "2017-04-11T19:00:00",
"dateReserved": "2015-12-15T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13362
Vulnerability from cvelistv5
Published
2020-05-28 14:35
Modified
2024-08-04 12:18
Severity ?
EPSS score ?
Summary
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html | x_refsource_MISC | |
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/05/28/2 | x_refsource_CONFIRM | |
| https://security-tracker.debian.org/tracker/CVE-2020-13362 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0003/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4728 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2020-13362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0003/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T05:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2020-13362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0003/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "DSA-4728",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg06250.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03131.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/05/28/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/05/28/2"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2020-13362",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2020-13362"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0003/"
},
{
"name": "[debian-lts-announce] 20200629 [SECURITY] [DLA 2262-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00032.html"
},
{
"name": "DSA-4728",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4728"
},
{
"name": "[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html"
},
{
"name": "openSUSE-SU-2020:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13362",
"datePublished": "2020-05-28T14:35:24",
"dateReserved": "2020-05-21T00:00:00",
"dateUpdated": "2024-08-04T12:18:18.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4964
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/05/24/7 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/24/4 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160524 Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/7"
},
{
"name": "[qemu-devel] 20160524 [PATCH] scsi: mptsas: infinite loop while fetching requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd"
},
{
"name": "[oss-security] 20160524 CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/4"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s-\u003estate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160524 Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/7"
},
{
"name": "[qemu-devel] 20160524 [PATCH] scsi: mptsas: infinite loop while fetching requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=06630554ccbdd25780aa03c3548aaff1eb56dffd"
},
{
"name": "[oss-security] 20160524 CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/24/4"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4964",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-05-24T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2858
Vulnerability from cvelistv5
Published
2016-04-07 19:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/03/07/4 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1314676 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/bid/84134 | vdb-entry, x_refsource_BID | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.openwall.com/lists/oss-security/2016/03/04/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "84134",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84134"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/04/1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20160306 Re: CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/07/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "84134",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84134"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "[oss-security] 20160304 CVE request Qemu: rng-random: arbitrary stack based allocation leading to corruption",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/04/1"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2858",
"datePublished": "2016-04-07T19:00:00",
"dateReserved": "2016-03-06T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3456
Vulnerability from cvelistv5
Published
2015-05-13 18:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37053",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37053/"
},
{
"name": "1032306",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "SUSE-SU-2015:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "SUSE-SU-2015:0929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "SUSE-SU-2015:0896",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "GLSA-201612-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "RHSA-2015:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
},
{
"name": "SUSE-SU-2015:0923",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
},
{
"name": "RHSA-2015:1001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
},
{
"name": "HPSBMU03336",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX201078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-133.html"
},
{
"name": "RHSA-2015:1003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
},
{
"name": "openSUSE-SU-2015:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
},
{
"name": "1032917",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032917"
},
{
"name": "HPSBMU03349",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
},
{
"name": "RHSA-2015:0998",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
},
{
"name": "openSUSE-SU-2015:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
},
{
"name": "FEDORA-2015-8249",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa95"
},
{
"name": "RHSA-2015:1004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://venom.crowdstrike.com/"
},
{
"name": "RHSA-2015:1011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/venom"
},
{
"name": "SUSE-SU-2015:0927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2015:1002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
},
{
"name": "USN-2608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
},
{
"name": "openSUSE-SU-2015:0983",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
},
{
"name": "1032311",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032311"
},
{
"name": "SSRT102076",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
},
{
"name": "DSA-3262",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3262"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "openSUSE-SU-2015:1400",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
},
{
"name": "74640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74640"
},
{
"name": "DSA-3274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/articles/1444903"
},
{
"name": "RHSA-2015:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:32:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37053",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37053/"
},
{
"name": "1032306",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "SUSE-SU-2015:0889",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "DSA-3259",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "SUSE-SU-2015:0929",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "SUSE-SU-2015:0896",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "GLSA-201612-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "RHSA-2015:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
},
{
"name": "SUSE-SU-2015:0923",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
},
{
"name": "RHSA-2015:1001",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
},
{
"name": "HPSBMU03336",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX201078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-133.html"
},
{
"name": "RHSA-2015:1003",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
},
{
"name": "openSUSE-SU-2015:0893",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
},
{
"name": "1032917",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032917"
},
{
"name": "HPSBMU03349",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
},
{
"name": "RHSA-2015:0998",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
},
{
"name": "openSUSE-SU-2015:0894",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
},
{
"name": "FEDORA-2015-8249",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa95"
},
{
"name": "RHSA-2015:1004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://venom.crowdstrike.com/"
},
{
"name": "RHSA-2015:1011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/venom"
},
{
"name": "SUSE-SU-2015:0927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2015:1002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
},
{
"name": "USN-2608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
},
{
"name": "openSUSE-SU-2015:0983",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
},
{
"name": "1032311",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032311"
},
{
"name": "SSRT102076",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
},
{
"name": "DSA-3262",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3262"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "openSUSE-SU-2015:1400",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
},
{
"name": "74640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74640"
},
{
"name": "DSA-3274",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/articles/1444903"
},
{
"name": "RHSA-2015:1000",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37053",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37053/"
},
{
"name": "1032306",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032306"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "SUSE-SU-2015:0889",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
},
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "DSA-3259",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "SUSE-SU-2015:0929",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"name": "SUSE-SU-2015:0896",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "GLSA-201612-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"name": "RHSA-2015:0999",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
},
{
"name": "SUSE-SU-2015:0923",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
},
{
"name": "RHSA-2015:1001",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
},
{
"name": "HPSBMU03336",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"name": "http://support.citrix.com/article/CTX201078",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201078"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-133.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-133.html"
},
{
"name": "RHSA-2015:1003",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
},
{
"name": "openSUSE-SU-2015:0893",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
},
{
"name": "1032917",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032917"
},
{
"name": "HPSBMU03349",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
},
{
"name": "RHSA-2015:0998",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
},
{
"name": "https://www.suse.com/security/cve/CVE-2015-3456.html",
"refsource": "CONFIRM",
"url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
},
{
"name": "openSUSE-SU-2015:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
},
{
"name": "FEDORA-2015-8249",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa95",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa95"
},
{
"name": "RHSA-2015:1004",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
},
{
"name": "http://venom.crowdstrike.com/",
"refsource": "MISC",
"url": "http://venom.crowdstrike.com/"
},
{
"name": "RHSA-2015:1011",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
},
{
"name": "https://support.lenovo.com/us/en/product_security/venom",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/venom"
},
{
"name": "SUSE-SU-2015:0927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "RHSA-2015:1002",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
},
{
"name": "USN-2608-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"name": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/",
"refsource": "CONFIRM",
"url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
},
{
"name": "openSUSE-SU-2015:0983",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
},
{
"name": "1032311",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032311"
},
{
"name": "SSRT102076",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
},
{
"name": "DSA-3262",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3262"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "openSUSE-SU-2015:1400",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
},
{
"name": "74640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74640"
},
{
"name": "DSA-3274",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3274"
},
{
"name": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
},
{
"name": "https://access.redhat.com/articles/1444903",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/articles/1444903"
},
{
"name": "RHSA-2015:1000",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3456",
"datePublished": "2015-05-13T18:00:00",
"dateReserved": "2015-04-29T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6833
Vulnerability from cvelistv5
Published
2016-12-10 00:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93255 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/08/12/1 | mailing-list, x_refsource_MLIST | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201609-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2016/08/18/3 | mailing-list, x_refsource_MLIST | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93255"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20160812 CVE request: Qemu net: vmxnet3: use after free while writing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/12/1"
},
{
"name": "[qemu-devel] 20160809 [PULL 2/3] net: vmxnet3: check for device_active before write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160817 Re: CVE request: Qemu net: vmxnet3: use after free while writing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "93255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93255"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[oss-security] 20160812 CVE request: Qemu net: vmxnet3: use after free while writing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/12/1"
},
{
"name": "[qemu-devel] 20160809 [PULL 2/3] net: vmxnet3: check for device_active before write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html"
},
{
"name": "GLSA-201609-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "[oss-security] 20160817 Re: CVE request: Qemu net: vmxnet3: use after free while writing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6833",
"datePublished": "2016-12-10T00:00:00",
"dateReserved": "2016-08-17T00:00:00",
"dateUpdated": "2024-08-06T01:43:37.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3640
Vulnerability from cvelistv5
Published
2014-11-07 19:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3045 | vendor-advisory, x_refsource_DEBIAN | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1144818 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-0624.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-0349.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.debian.org/security/2014/dsa-3044 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html | mailing-list, x_refsource_MLIST | |
| http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html | mailing-list, x_refsource_MLIST | |
| http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2409-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3045",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144818"
},
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "[Qemu-devel] 20140923 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html"
},
{
"name": "[Qemu-devel] 20140918 [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html"
},
{
"name": "[Qemu-devel] 20140924 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3045",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144818"
},
{
"name": "RHSA-2015:0624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0624.html"
},
{
"name": "RHSA-2015:0349",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0349.html"
},
{
"name": "DSA-3044",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "[Qemu-devel] 20140923 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html"
},
{
"name": "[Qemu-devel] 20140918 [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html"
},
{
"name": "[Qemu-devel] 20140924 Re: [PATCH v2] slirp: udp: fix NULL pointer dereference because of uninitialized socket",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3640",
"datePublished": "2014-11-07T19:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2392
Vulnerability from cvelistv5
Published
2016-06-16 18:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/83274 | vdb-entry, x_refsource_BID | |
| https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2016/02/16/7 | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201604-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.ubuntu.com/usn/USN-2974-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1302299 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html | mailing-list, x_refsource_MLIST | |
| http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83274"
},
{
"name": "[qemu-devel] 20160211 [Qemu-devel] [PATCH] usb: check USB configuration descriptor object",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html"
},
{
"name": "[oss-security] 20160216 CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/16/7"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302299"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-01T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "83274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83274"
},
{
"name": "[qemu-devel] 20160211 [Qemu-devel] [PATCH] usb: check USB configuration descriptor object",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.html"
},
{
"name": "[oss-security] 20160216 CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/16/7"
},
{
"name": "GLSA-201604-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-01"
},
{
"name": "USN-2974-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302299"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-stable] 20160329 [Qemu-stable] [ANNOUNCE] QEMU 2.5.1 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2392",
"datePublished": "2016-06-16T18:00:00",
"dateReserved": "2016-02-16T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27821
Vulnerability from cvelistv5
Published
2020-12-08 21:33
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1902651 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/12/16/6 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210115-0006/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:42.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902651"
},
{
"name": "[oss-security] 20201216 CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/16/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0006/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 5.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787-\u003eCWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902651"
},
{
"name": "[oss-security] 20201216 CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/12/16/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210115-0006/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "prior to 5.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787-\u003eCWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1902651",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902651"
},
{
"name": "[oss-security] 20201216 CVE-2020-27821 QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/12/16/6"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210115-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210115-0006/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27821",
"datePublished": "2020-12-08T21:33:02",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:42.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11806
Vulnerability from cvelistv5
Published
2018-06-13 16:00
Modified
2024-08-05 08:17
Severity ?
EPSS score ?
Summary
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2762"
},
{
"name": "104400",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104400"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180605 [PATCH 1/2] slirp: correct size computation while concatenating mbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html"
},
{
"name": "[oss-security] 20180607 CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/06/07/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/"
},
{
"name": "RHSA-2018:2462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"name": "RHSA-2018:2822",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2822"
},
{
"name": "RHSA-2018:2887",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2887"
},
{
"name": "[debian-lts-announce] 20190509 [SECURITY] [DLA 1781-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-24T15:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:2762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2762"
},
{
"name": "104400",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104400"
},
{
"name": "USN-3826-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180605 [PATCH 1/2] slirp: correct size computation while concatenating mbuf",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html"
},
{
"name": "[oss-security] 20180607 CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/06/07/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/"
},
{
"name": "RHSA-2018:2462",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"name": "RHSA-2018:2822",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2822"
},
{
"name": "RHSA-2018:2887",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2887"
},
{
"name": "[debian-lts-announce] 20190509 [SECURITY] [DLA 1781-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
},
{
"name": "DSA-4454",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:2892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2762",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2762"
},
{
"name": "104400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104400"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180605 [PATCH 1/2] slirp: correct size computation while concatenating mbuf",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html"
},
{
"name": "[oss-security] 20180607 CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/06/07/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1586245",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586245"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/"
},
{
"name": "RHSA-2018:2462",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"name": "RHSA-2018:2822",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2822"
},
{
"name": "RHSA-2018:2887",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2887"
},
{
"name": "[debian-lts-announce] 20190509 [SECURITY] [DLA 1781-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html"
},
{
"name": "DSA-4454",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4454"
},
{
"name": "20190531 [SECURITY] [DSA 4454-1] qemu security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/76"
},
{
"name": "RHSA-2019:2892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2892"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11806",
"datePublished": "2018-06-13T16:00:00",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-08-05T08:17:09.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35414
Vulnerability from cvelistv5
Published
2022-07-11 01:48
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:44.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg895266.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.codes/sick-2022-113"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., \"Bugs affecting the non-virtualization use case are not considered security bugs at this time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T13:55:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg895266.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.codes/sick-2022-113"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., \"Bugs affecting the non-virtualization use case are not considered security bugs at this time.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c"
},
{
"name": "https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c"
},
{
"name": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482"
},
{
"name": "https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148"
},
{
"name": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa",
"refsource": "MISC",
"url": "https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa"
},
{
"name": "https://gitlab.com/qemu-project/qemu/-/issues/1065",
"refsource": "MISC",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1065"
},
{
"name": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg895266.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg895266.html"
},
{
"name": "https://sick.codes/sick-2022-113",
"refsource": "MISC",
"url": "https://sick.codes/sick-2022-113"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
},
{
"name": "https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case",
"refsource": "MISC",
"url": "https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35414",
"datePublished": "2022-07-11T01:48:46",
"dateReserved": "2022-07-11T00:00:00",
"dateUpdated": "2024-08-03T09:36:44.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5957
Vulnerability from cvelistv5
Published
2017-03-14 14:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201707-06 | vendor-advisory, x_refsource_GENTOO | |
| https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96215 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2017/02/13/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1421126 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201707-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f"
},
{
"name": "96215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96215"
},
{
"name": "[oss-security] 20170213 CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the \"nr_cbufs\" argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201707-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f"
},
{
"name": "96215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96215"
},
{
"name": "[oss-security] 20170213 CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the \"nr_cbufs\" argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f"
},
{
"name": "96215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96215"
},
{
"name": "[oss-security] 20170213 CVE-2017-5957 Virglrenderer: stack overflow in vrend_decode_set_framebuffer_state",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421126",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5957",
"datePublished": "2017-03-14T14:00:00",
"dateReserved": "2017-02-10T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4149
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2014-0927.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html | vendor-advisory, x_refsource_FEDORA | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0927",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0927.html"
},
{
"name": "FEDORA-2014-6288",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=98f93ddd84800f207889491e0b5d851386b459cf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4149",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25085
Vulnerability from cvelistv5
Published
2020-09-25 04:09
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html | x_refsource_MISC | |
| https://bugs.launchpad.net/qemu/+bug/1892960 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/16/6 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201009-0005/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/03/09/1 | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1892960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/16/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1892960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/16/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html"
},
{
"name": "https://bugs.launchpad.net/qemu/+bug/1892960",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/qemu/+bug/1892960"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/09/16/6",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/09/16/6"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
},
{
"name": "[debian-lts-announce] 20201129 [SECURITY] [DLA 2469-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html"
},
{
"name": "[oss-security] 20210309 CVE-2021-3409 QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/09/1"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25085",
"datePublished": "2020-09-25T04:09:43",
"dateReserved": "2020-09-02T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-16092
Vulnerability from cvelistv5
Published
2020-08-11 15:55
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/08/10/1 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200821-0006/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.debian.org/security/2020/dsa-4760 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/10/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0006/"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "openSUSE-SU-2020:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:13:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2020/08/10/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0006/"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "DSA-4760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "openSUSE-SU-2020:1664",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/08/10/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2020/08/10/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200821-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200821-0006/"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "DSA-4760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4760"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "openSUSE-SU-2020:1664",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html"
},
{
"name": "GLSA-202208-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16092",
"datePublished": "2020-08-11T15:55:29",
"dateReserved": "2020-07-28T00:00:00",
"dateUpdated": "2024-08-04T13:37:53.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15268
Vulnerability from cvelistv5
Published
2017-10-12 15:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| https://access.redhat.com/errata/RHSA-2018:0816 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/101277 | vdb-entry, x_refsource_BID | |
| https://access.redhat.com/errata/RHSA-2018:1104 | vendor-advisory, x_refsource_REDHAT | |
| https://bugs.launchpad.net/qemu/+bug/1718964 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "101277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101277"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1718964"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[qemu-devel] 20171010 [PATCH v1 1/7] io: monitor encoutput buffer size from websocket GSource",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "101277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101277"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/qemu/+bug/1718964"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[qemu-devel] 20171010 [PATCH v1 1/7] io: monitor encoutput buffer size from websocket GSource",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "101277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101277"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "https://bugs.launchpad.net/qemu/+bug/1718964",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/qemu/+bug/1718964"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[qemu-devel] 20171010 [PATCH v1 1/7] io: monitor encoutput buffer size from websocket GSource",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15268",
"datePublished": "2017-10-12T15:00:00",
"dateReserved": "2017-10-11T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0150
Vulnerability from cvelistv5
Published
2014-04-18 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1078846 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2910 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.ubuntu.com/usn/USN-2182-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.debian.org/security/2014/dsa-2909 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/57878 | third-party-advisory, x_refsource_SECUNIA | |
| http://article.gmane.org/gmane.comp.emulators.qemu/266768 | mailing-list, x_refsource_MLIST | |
| http://thread.gmane.org/gmane.comp.emulators.qemu/266713 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/58191 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078846"
},
{
"name": "DSA-2910",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2910"
},
{
"name": "USN-2182-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2182-1"
},
{
"name": "DSA-2909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2909"
},
{
"name": "57878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57878"
},
{
"name": "[Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/266768"
},
{
"name": "[Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/266713"
},
{
"name": "58191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/58191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078846"
},
{
"name": "DSA-2910",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2910"
},
{
"name": "USN-2182-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2182-1"
},
{
"name": "DSA-2909",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2909"
},
{
"name": "57878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57878"
},
{
"name": "[Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/266768"
},
{
"name": "[Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/266713"
},
{
"name": "58191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/58191"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0150",
"datePublished": "2014-04-18T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13253
Vulnerability from cvelistv5
Published
2020-05-27 14:09
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/05/27/2 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1838546 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4467-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202011-09 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/27/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838546"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-09"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-05-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/27/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838546"
},
{
"name": "USN-4467-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "GLSA-202011-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-09"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/05/27/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/05/27/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1838546",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1838546"
},
{
"name": "USN-4467-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4467-1/"
},
{
"name": "[debian-lts-announce] 20200913 [SECURITY] [DLA 2373-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html"
},
{
"name": "GLSA-202011-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-09"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13253",
"datePublished": "2020-05-27T14:09:55",
"dateReserved": "2020-05-21T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5403
Vulnerability from cvelistv5
Published
2016-08-02 16:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2016:1756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-184.html"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "RHSA-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359"
},
{
"name": "RHSA-2016:1763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "RHSA-2016:1585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1585.html"
},
{
"name": "RHSA-2016:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html"
},
{
"name": "RHSA-2016:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html"
},
{
"name": "RHSA-2016:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html"
},
{
"name": "1036476",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036476"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "RHSA-2016:1606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html"
},
{
"name": "RHSA-2016:1586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1586.html"
},
{
"name": "RHSA-2016:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"name": "92148",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92148"
},
{
"name": "RHSA-2016:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1652.html"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T10:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "RHSA-2016:1756",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1756.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-184.html"
},
{
"name": "USN-3047-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "RHSA-2016:1655",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1655.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358359"
},
{
"name": "RHSA-2016:1763",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1763.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "RHSA-2016:1585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1585.html"
},
{
"name": "RHSA-2016:1653",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1653.html"
},
{
"name": "RHSA-2016:1607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1607.html"
},
{
"name": "RHSA-2016:1654",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1654.html"
},
{
"name": "1036476",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036476"
},
{
"name": "USN-3047-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "RHSA-2016:1606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1606.html"
},
{
"name": "RHSA-2016:1586",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1586.html"
},
{
"name": "RHSA-2016:1943",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1943.html"
},
{
"name": "92148",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92148"
},
{
"name": "RHSA-2016:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1652.html"
},
{
"name": "[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5403",
"datePublished": "2016-08-02T16:00:00",
"dateReserved": "2016-06-10T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3461
Vulnerability from cvelistv5
Published
2014-11-04 21:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0743.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2014-0744.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html | vendor-advisory, x_refsource_FEDORA | |
| http://article.gmane.org/gmane.comp.emulators.qemu/272092 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
},
{
"name": "[qemu-devel] 20140512 [PATCH] usb: fix up post load checks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to \"USB post load checks.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
},
{
"name": "RHSA-2014:0744",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6970",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
},
{
"name": "[qemu-devel] 20140512 [PATCH] usb: fix up post load checks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/272092"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3461",
"datePublished": "2014-11-04T21:00:00",
"dateReserved": "2014-05-13T00:00:00",
"dateUpdated": "2024-08-06T10:43:06.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2861
Vulnerability from cvelistv5
Published
2023-12-06 06:19
Modified
2024-08-02 06:33
Severity ?
EPSS score ?
Summary
Qemu: 9pfs: improper access control on special files
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2861 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219266 | issue-tracking, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html | ||
| https://security.netapp.com/advisory/ntap-20240125-0005/ | ||
| https://security.netapp.com/advisory/ntap-20240229-0002/ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qemu",
"vendor": "qemu",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2861",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T16:40:48.930612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:52.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2861"
},
{
"name": "RHBZ#2219266",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240125-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240229-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitlab.com/qemu-project/qemu",
"defaultStatus": "affected",
"packageName": "qemu",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8.1.0-rc0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jietao Xiao, Jinku Li, Wenbo Shen, and Yanwu Shen for reporting this issue."
}
],
"datePublic": "2023-06-07T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T13:40:08.248Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2861"
},
{
"name": "RHBZ#2219266",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0005/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240229-0002/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: 9pfs: improper access control on special files",
"x_redhatCweChain": "CWE-284: Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-2861",
"datePublished": "2023-12-06T06:19:40.625Z",
"dateReserved": "2023-05-24T07:54:12.009Z",
"dateUpdated": "2024-08-02T06:33:05.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3354
Vulnerability from cvelistv5
Published
2023-07-11 16:16
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3354 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2216478 | issue-tracking, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ | ||
| https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:00.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"name": "RHBZ#2216478",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue."
}
],
"datePublic": "2023-06-28T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T16:16:56.294Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"name": "RHBZ#2216478",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-21T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-28T00:00:00Z",
"value": "Made public."
}
],
"title": "Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3354",
"datePublished": "2023-07-11T16:16:56.294Z",
"dateReserved": "2023-06-21T12:33:29.897Z",
"dateUpdated": "2024-08-02T06:55:00.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6227
Vulnerability from cvelistv5
Published
2007-12-04 18:00
Modified
2024-08-07 15:54
Severity ?
EPSS score ?
Summary
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/484429/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/26666 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38806 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/29129 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071130 QEMU code_gen_buffer overflow POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484429/100/0/threaded"
},
{
"name": "26666",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26666"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "qemu-translationblock-dos(38806)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38806"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an \"overflow,\" via certain Windows executable programs, as demonstrated by qemu-dos.com."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071130 QEMU code_gen_buffer overflow POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484429/100/0/threaded"
},
{
"name": "26666",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26666"
},
{
"name": "MDVSA-2008:162",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "qemu-translationblock-dos(38806)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38806"
},
{
"name": "29129",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an \"overflow,\" via certain Windows executable programs, as demonstrated by qemu-dos.com."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071130 QEMU code_gen_buffer overflow POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484429/100/0/threaded"
},
{
"name": "26666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26666"
},
{
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name": "qemu-translationblock-dos(38806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38806"
},
{
"name": "29129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6227",
"datePublished": "2007-12-04T18:00:00",
"dateReserved": "2007-12-04T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17381
Vulnerability from cvelistv5
Published
2017-12-06 16:00
Modified
2024-08-05 20:51
Severity ?
EPSS score ?
Summary
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/12/05/2 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4213 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/102059 | vdb-entry, x_refsource_BID | |
| https://usn.ubuntu.com/3575-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:30.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20171205 CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/12/05/2"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "102059",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102059"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[qemu-devel] 20171201 [PULL 6/7] virtio: check VirtQueue Vring object is set",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20171205 CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/12/05/2"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "102059",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102059"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[qemu-devel] 20171201 [PULL 6/7] virtio: check VirtQueue Vring object is set",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20171205 CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/12/05/2"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "102059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102059"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "[qemu-devel] 20171201 [PULL 6/7] virtio: check VirtQueue Vring object is set",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17381",
"datePublished": "2017-12-06T16:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:51:30.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7504
Vulnerability from cvelistv5
Published
2017-10-16 20:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:2694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
},
{
"name": "1034268",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034268"
},
{
"name": "78227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78227"
},
{
"name": "[oss-security] 20151130 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/2"
},
{
"name": "[Qemu-devel] 20151130 [PATCH for 2.5 1/2] net: pcnet: add check to validate receive data size(CVE-2015-7504)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-162.html"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "RHSA-2015:2696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
},
{
"name": "RHSA-2015:2695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:2694",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2694.html"
},
{
"name": "1034268",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034268"
},
{
"name": "78227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78227"
},
{
"name": "[oss-security] 20151130 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/30/2"
},
{
"name": "[Qemu-devel] 20151130 [PATCH for 2.5 1/2] net: pcnet: add check to validate receive data size(CVE-2015-7504)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-162.html"
},
{
"name": "DSA-3469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3469"
},
{
"name": "DSA-3470",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3470"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "DSA-3471",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3471"
},
{
"name": "GLSA-201602-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"name": "RHSA-2015:2696",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2696.html"
},
{
"name": "RHSA-2015:2695",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2695.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7504",
"datePublished": "2017-10-16T20:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9330
Vulnerability from cvelistv5
Published
2017-06-08 16:00
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3920 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/98779 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/201706-03 | vendor-advisory, x_refsource_GENTOO | |
| http://www.openwall.com/lists/oss-security/2017/06/01/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1457697 | x_refsource_CONFIRM | |
| http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "98779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98779"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/01/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3920",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "98779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98779"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/01/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3920"
},
{
"name": "98779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98779"
},
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/06/01/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=26f670a244982335cc08943fb1ec099a2c81e42d",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=26f670a244982335cc08943fb1ec099a2c81e42d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9330",
"datePublished": "2017-06-08T16:00:00",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26353
Vulnerability from cvelistv5
Published
2022-03-16 14:02
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220425-0003/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5133 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu-kvm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affected QEMU version: 6.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T18:13:49",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220425-0003/"
},
{
"name": "DSA-5133",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5133"
},
{
"name": "GLSA-202208-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-27"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-26353",
"datePublished": "2022-03-16T14:02:33",
"dateReserved": "2022-03-02T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-3507
Vulnerability from cvelistv5
Published
2021-05-06 15:16
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1951118 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210528-0005/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to 6.0.0 (including)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210528-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3507",
"datePublished": "2021-05-06T15:16:14",
"dateReserved": "2021-04-19T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25741
Vulnerability from cvelistv5
Published
2020-10-02 08:26
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html | x_refsource_MISC | |
| https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/29/1 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201009-0005/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-09T11:06:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05295.html"
},
{
"name": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1",
"refsource": "MISC",
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/09/29/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/09/29/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201009-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201009-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25741",
"datePublished": "2020-10-02T08:26:36",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-2527
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 23:00
Severity ?
EPSS score ?
Summary
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "qemu-runas-priv-escalation(68539)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68539"
},
{
"name": "[oss-security] 20110712 CVE Request: qemu -runas does not clear supplementary groups",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/12/5"
},
{
"name": "48659",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48659"
},
{
"name": "[oss-security] 20110712 Re: CVE Request: qemu -runas does not clear supplementary groups",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/12/15"
},
{
"name": "DSA-2282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2011/dsa-2282"
},
{
"name": "47992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47992"
},
{
"name": "45419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45419"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/qemu/+bug/807893"
},
{
"name": "openSUSE-SU-2012:0207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html"
},
{
"name": "74752",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/74752"
},
{
"name": "47157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47157"
},
{
"name": "45188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45188"
},
{
"name": "USN-1177-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1177-1"
},
{
"name": "45187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45187"
},
{
"name": "FEDORA-2012-8604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"
},
{
"name": "RHSA-2011:1531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1531.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "qemu-runas-priv-escalation(68539)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68539"
},
{
"name": "[oss-security] 20110712 CVE Request: qemu -runas does not clear supplementary groups",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/12/5"
},
{
"name": "48659",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48659"
},
{
"name": "[oss-security] 20110712 Re: CVE Request: qemu -runas does not clear supplementary groups",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/12/15"
},
{
"name": "DSA-2282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2011/dsa-2282"
},
{
"name": "47992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47992"
},
{
"name": "45419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45419"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/qemu/+bug/807893"
},
{
"name": "openSUSE-SU-2012:0207",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html"
},
{
"name": "74752",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/74752"
},
{
"name": "47157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47157"
},
{
"name": "45188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45188"
},
{
"name": "USN-1177-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1177-1"
},
{
"name": "45187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45187"
},
{
"name": "FEDORA-2012-8604",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html"
},
{
"name": "RHSA-2011:1531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2011-1531.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2527",
"datePublished": "2012-06-21T15:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4158
Vulnerability from cvelistv5
Published
2022-08-24 15:10
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/qemu-project/qemu/-/issues/770 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2035002 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-4158 | x_refsource_MISC | |
| https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/770"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035002"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4158"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v6.0.0 and above."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 - NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T15:10:39",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/issues/770"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035002"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4158"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4158",
"datePublished": "2022-08-24T15:10:39",
"dateReserved": "2021-12-23T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11869
Vulnerability from cvelistv5
Published
2020-04-27 19:00
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/04/24/2 | x_refsource_MISC | |
| https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4372-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/24/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7"
},
{
"name": "USN-4372-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4372-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-28T22:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/24/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7"
},
{
"name": "USN-4372-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4372-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2020/04/24/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2020/04/24/2"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commit;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7"
},
{
"name": "USN-4372-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4372-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11869",
"datePublished": "2020-04-27T19:00:34",
"dateReserved": "2020-04-17T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-5263
Vulnerability from cvelistv5
Published
2014-08-26 14:00
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/08/04/1 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1126543 | x_refsource_MISC | |
| http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3afca1d6d413592c2b78cf28f52fa24a586d8f56 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/08/16/1 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2409-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:48.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140804 CVE Request -- qemu: missing field list terminator in vmstate_xhci_event",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/04/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3afca1d6d413592c2b78cf28f52fa24a586d8f56"
},
{
"name": "[oss-security] 20140815 Re: CVE Request -- qemu: missing field list terminator in vmstate_xhci_event",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/16/1"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-14T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140804 CVE Request -- qemu: missing field list terminator in vmstate_xhci_event",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/04/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3afca1d6d413592c2b78cf28f52fa24a586d8f56"
},
{
"name": "[oss-security] 20140815 Re: CVE Request -- qemu: missing field list terminator in vmstate_xhci_event",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/16/1"
},
{
"name": "USN-2409-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140804 CVE Request -- qemu: missing field list terminator in vmstate_xhci_event",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/04/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1126543",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126543"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56"
},
{
"name": "[oss-security] 20140815 Re: CVE Request -- qemu: missing field list terminator in vmstate_xhci_event",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/16/1"
},
{
"name": "USN-2409-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2409-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5263",
"datePublished": "2014-08-26T14:00:00",
"dateReserved": "2014-08-15T00:00:00",
"dateUpdated": "2024-08-06T11:41:48.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201508-0166
Vulnerability from variot
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. QEMU is prone to a memory-corruption vulnerability because it fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code on the host with the privileges of the hosting QEMU process. Failed exploit attempts may result in a denial-of-service condition. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. There is a security vulnerability in the 'pit_ioport_read' function in the i8254.c file of Linux kernel 2.6.32 and earlier versions and QEMU 2.3.0 and earlier versions. The vulnerability is due to the fact that the program does not distinguish between read length and write length. Relevant releases/architectures:
RHEV-H and VDSM for 7 Hosts - x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: qemu-kvm security and bug fix update Advisory ID: RHSA-2015:1507-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1507.html Issue date: 2015-07-27 CVE Names: CVE-2015-3214 CVE-2015-5154 =====================================================================
- Summary:
Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. (CVE-2015-5154)
An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. (CVE-2015-3214)
Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was discovered by Kevin Wolf of Red Hat.
This update also fixes the following bug:
- Due to an incorrect implementation of portable memory barriers, the QEMU emulator in some cases terminated unexpectedly when a virtual disk was under heavy I/O load. This update fixes the implementation in order to achieve correct synchronization between QEMU's threads. As a result, the described crash no longer occurs. (BZ#1233643)
All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function 1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm
x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm
x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm
ppc64: qemu-img-1.5.3-86.el7_1.5.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm
x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libcacard-1.5.3-86.el7_1.5.ppc.rpm libcacard-1.5.3-86.el7_1.5.ppc64.rpm libcacard-devel-1.5.3-86.el7_1.5.ppc.rpm libcacard-devel-1.5.3-86.el7_1.5.ppc64.rpm libcacard-tools-1.5.3-86.el7_1.5.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm
x86_64: libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm
x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3214 https://access.redhat.com/security/cve/CVE-2015-5154 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVtjQAXlSAg2UNWIIRAubOAJ9jPmZf7ZF+FHd+a7JxYxxRPAGx0wCgv5dX hlTFJ96W8Yn4W+ZR2yhsbBU= =i68a -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2692-1 July 28, 2015
qemu vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in QEMU. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5154)
Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5158)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: qemu-system 1:2.2+dfsg-5expubuntu9.3 qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.3 qemu-system-arm 1:2.2+dfsg-5expubuntu9.3 qemu-system-mips 1:2.2+dfsg-5expubuntu9.3 qemu-system-misc 1:2.2+dfsg-5expubuntu9.3 qemu-system-ppc 1:2.2+dfsg-5expubuntu9.3 qemu-system-sparc 1:2.2+dfsg-5expubuntu9.3 qemu-system-x86 1:2.2+dfsg-5expubuntu9.3
Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.15 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.15 qemu-system-arm 2.0.0+dfsg-2ubuntu1.15 qemu-system-mips 2.0.0+dfsg-2ubuntu1.15 qemu-system-misc 2.0.0+dfsg-2ubuntu1.15 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.15 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.15 qemu-system-x86 2.0.0+dfsg-2ubuntu1.15
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
CVE-2015-5165
Donghai Zhu discovered that the QEMU model of the RTL8139 network
card did not sufficiently validate inputs in the C+ mode offload
emulation, allowing a malicious guest to read uninitialized memory
from the QEMU process's heap.
CVE-2015-5225
Mr Qinghao Tang from QIHU 360 Inc.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only affected by CVE-2015-5165 and CVE-2015-5745.
For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 1:2.4+dfsg-1a.
We recommend that you upgrade your qemu packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201510-02
https://security.gentoo.org/
Severity: Normal Title: QEMU: Arbitrary code execution Date: October 31, 2015 Bugs: #551752, #555680, #556050, #556052 ID: 201510-02
Synopsis
A heap-based buffer overflow in QEMU could result in execution of arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/qemu < 2.3.0-r4 >= 2.3.0-r4
Description
Heap-based buffer overflow has been found in QEMU's PCNET controller.
Workaround
There is no known workaround at this time.
Resolution
All QEMU users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.3.0-r4"
References
[ 1 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 2 ] CVE-2015-3214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3214 [ 3 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 4 ] CVE-2015-5158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5158
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201510-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.14"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4_ppc64"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux server from rhui",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3_ppc64"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1_ppc64"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.12"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1"
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "2.6.32"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.15"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2_ppc64"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6_ppc64"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "emc px12-400r ivx",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.0.10.33264"
},
{
"model": "emc px12-450r ivx",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.0.10.33264"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "qemu",
"scope": "lte",
"trust": 1.0,
"vendor": "qemu",
"version": "2.3.0"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.13"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7_ppc64"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5_ppc64"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "qemu",
"scope": "lt",
"trust": 0.8,
"vendor": "fabrice bellard",
"version": "2.3.1"
},
{
"model": "kernel",
"scope": "lt",
"trust": 0.8,
"vendor": "linux",
"version": "2.6.33"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.6,
"vendor": "linux",
"version": "2.6.32"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "enterprise virtualization hypervisor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "qemu",
"scope": "eq",
"trust": 0.3,
"vendor": "qemu",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "powerkvm build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.158"
}
],
"sources": [
{
"db": "BID",
"id": "75273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6.32",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.10.33264",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.10.33264",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Tait of Google\u0027s Project Zero.",
"sources": [
{
"db": "BID",
"id": "75273"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-3214",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-81175",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3214",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-371",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81175",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3214",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. QEMU is prone to a memory-corruption vulnerability because it fails to perform adequate boundary-checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code on the host with the privileges of the hosting QEMU process. Failed exploit attempts may result in a denial-of-service condition. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. There is a security vulnerability in the \u0027pit_ioport_read\u0027 function in the i8254.c file of Linux kernel 2.6.32 and earlier versions and QEMU 2.3.0 and earlier versions. The vulnerability is due to the fact that the program does not distinguish between read length and write length. Relevant releases/architectures:\n\nRHEV-H and VDSM for 7 Hosts - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: qemu-kvm security and bug fix update\nAdvisory ID: RHSA-2015:1507-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1507.html\nIssue date: 2015-07-27\nCVE Names: CVE-2015-3214 CVE-2015-5154 \n=====================================================================\n\n1. Summary:\n\nUpdated qemu-kvm packages that fix two security issues and one bug are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM. \n\nA heap buffer overflow flaw was found in the way QEMU\u0027s IDE subsystem\nhandled I/O buffer access while processing certain ATAPI commands. \n(CVE-2015-5154)\n\nAn out-of-bounds memory access flaw, leading to memory corruption or\npossibly an information leak, was found in QEMU\u0027s pit_ioport_read()\nfunction. (CVE-2015-3214)\n\nRed Hat would like to thank Matt Tait of Google\u0027s Project Zero security\nteam for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was\ndiscovered by Kevin Wolf of Red Hat. \n\nThis update also fixes the following bug:\n\n* Due to an incorrect implementation of portable memory barriers, the QEMU\nemulator in some cases terminated unexpectedly when a virtual disk was\nunder heavy I/O load. This update fixes the implementation in order to\nachieve correct synchronization between QEMU\u0027s threads. As a result, the\ndescribed crash no longer occurs. (BZ#1233643)\n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function\n1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nqemu-kvm-1.5.3-86.el7_1.5.src.rpm\n\nx86_64:\nlibcacard-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-img-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibcacard-devel-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm\nlibcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nqemu-kvm-1.5.3-86.el7_1.5.src.rpm\n\nx86_64:\nlibcacard-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-1.5.3-86.el7_1.5.x86_64.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm\nlibcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-img-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nqemu-kvm-1.5.3-86.el7_1.5.src.rpm\n\nppc64:\nqemu-img-1.5.3-86.el7_1.5.ppc64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm\n\nx86_64:\nlibcacard-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-img-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibcacard-1.5.3-86.el7_1.5.ppc.rpm\nlibcacard-1.5.3-86.el7_1.5.ppc64.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.ppc.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.ppc64.rpm\nlibcacard-tools-1.5.3-86.el7_1.5.ppc64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm\n\nx86_64:\nlibcacard-devel-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm\nlibcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nqemu-kvm-1.5.3-86.el7_1.5.src.rpm\n\nx86_64:\nlibcacard-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-img-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibcacard-devel-1.5.3-86.el7_1.5.i686.rpm\nlibcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm\nlibcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm\nqemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3214\nhttps://access.redhat.com/security/cve/CVE-2015-5154\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVtjQAXlSAg2UNWIIRAubOAJ9jPmZf7ZF+FHd+a7JxYxxRPAGx0wCgv5dX\nhlTFJ96W8Yn4W+ZR2yhsbBU=\n=i68a\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-2692-1\nJuly 28, 2015\n\nqemu vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in QEMU. In the default installation, when QEMU is\nused with libvirt, attackers would be isolated by the libvirt AppArmor\nprofile. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2015-5154)\n\nZhu Donghai discovered that QEMU incorrectly handled the SCSI driver. In the default installation, when QEMU is used with libvirt,\nattackers would be isolated by the libvirt AppArmor profile. This issue\nonly affected Ubuntu 15.04. (CVE-2015-5158)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n qemu-system 1:2.2+dfsg-5expubuntu9.3\n qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.3\n qemu-system-arm 1:2.2+dfsg-5expubuntu9.3\n qemu-system-mips 1:2.2+dfsg-5expubuntu9.3\n qemu-system-misc 1:2.2+dfsg-5expubuntu9.3\n qemu-system-ppc 1:2.2+dfsg-5expubuntu9.3\n qemu-system-sparc 1:2.2+dfsg-5expubuntu9.3\n qemu-system-x86 1:2.2+dfsg-5expubuntu9.3\n\nUbuntu 14.04 LTS:\n qemu-system 2.0.0+dfsg-2ubuntu1.15\n qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.15\n qemu-system-arm 2.0.0+dfsg-2ubuntu1.15\n qemu-system-mips 2.0.0+dfsg-2ubuntu1.15\n qemu-system-misc 2.0.0+dfsg-2ubuntu1.15\n qemu-system-ppc 2.0.0+dfsg-2ubuntu1.15\n qemu-system-sparc 2.0.0+dfsg-2ubuntu1.15\n qemu-system-x86 2.0.0+dfsg-2ubuntu1.15\n\nAfter a standard system update you need to restart all QEMU virtual\nmachines to make all the necessary changes. \n\nCVE-2015-5165\n\n Donghai Zhu discovered that the QEMU model of the RTL8139 network\n card did not sufficiently validate inputs in the C+ mode offload\n emulation, allowing a malicious guest to read uninitialized memory\n from the QEMU process\u0027s heap. \n\nCVE-2015-5225\n\n Mr Qinghao Tang from QIHU 360 Inc. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only\naffected by CVE-2015-5165 and CVE-2015-5745. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:2.4+dfsg-1a. \n\nWe recommend that you upgrade your qemu packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201510-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: QEMU: Arbitrary code execution\n Date: October 31, 2015\n Bugs: #551752, #555680, #556050, #556052\n ID: 201510-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA heap-based buffer overflow in QEMU could result in execution of\narbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/qemu \u003c 2.3.0-r4 \u003e= 2.3.0-r4\n\nDescription\n===========\n\nHeap-based buffer overflow has been found in QEMU\u0027s PCNET controller. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll QEMU users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/qemu-2.3.0-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209\n[ 2 ] CVE-2015-3214\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3214\n[ 3 ] CVE-2015-5154\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154\n[ 4 ] CVE-2015-5158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5158\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201510-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "BID",
"id": "75273"
},
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"db": "PACKETSTORM",
"id": "132839"
},
{
"db": "PACKETSTORM",
"id": "132859"
},
{
"db": "PACKETSTORM",
"id": "132838"
},
{
"db": "PACKETSTORM",
"id": "132855"
},
{
"db": "PACKETSTORM",
"id": "133422"
},
{
"db": "PACKETSTORM",
"id": "134165"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-81175",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37990",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "VULMON",
"id": "CVE-2015-3214"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3214",
"trust": 3.5
},
{
"db": "BID",
"id": "75273",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1032598",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "37990",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2015/06/25/7",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "133422",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132859",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132855",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132838",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132839",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-81175",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"db": "BID",
"id": "75273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "PACKETSTORM",
"id": "132839"
},
{
"db": "PACKETSTORM",
"id": "132859"
},
{
"db": "PACKETSTORM",
"id": "132838"
},
{
"db": "PACKETSTORM",
"id": "132855"
},
{
"db": "PACKETSTORM",
"id": "133422"
},
{
"db": "PACKETSTORM",
"id": "134165"
},
{
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"id": "VAR-201508-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81175"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:48:38.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KVM: PIT: control word is write-only",
"trust": 0.8,
"url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"title": "Linux Kernel Archives",
"trust": 0.8,
"url": "http://www.kernel.org"
},
{
"title": "KVM: PIT: control word is write-only",
"trust": 0.8,
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"title": "Main Page",
"trust": 0.8,
"url": "http://wiki.qemu.org/main_page"
},
{
"title": "Bug 1229640",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
},
{
"title": "Linux kernel and QEMU\u2018pit_ioport_read()\u2019 Fixes for function buffer error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=179689"
},
{
"title": "Ubuntu Security Notice: qemu vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2692-1"
},
{
"title": "Red Hat: CVE-2015-3214",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3214"
},
{
"title": "Debian Security Advisories: DSA-3348-1 qemu -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e77a95c04be0a28f98566f006db46f03"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d315b3f2df801c1586a4d3ea5f0ef1c4"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-5158: scsi stack buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2bc68b0a8f94995d352f509d204ba98b"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=78f6b481a815feb050c6fe696b774caa"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3e5707b2974af878892901fb1518c885"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-5745: buffer overflow in virtio-serial",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b661eddefc5e1edaa146807f1a72ab9d"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ac31639f0a78082f2e78528ea7e0203f"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0e14e001f6f939c9dca39f2c06ec9285"
},
{
"title": "cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/cve-study "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "NVD",
"id": "CVE-2015-3214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/37990/"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/75273"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1507.html"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1508.html"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1512.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1032598"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
},
{
"trust": 1.8,
"url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
},
{
"trust": 1.8,
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"trust": 1.8,
"url": "http://mirror.linux.org.au/linux/kernel/v2.6/changelog-2.6.33"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
},
{
"trust": 1.8,
"url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
},
{
"trust": 1.8,
"url": "https://support.lenovo.com/product_security/qemu"
},
{
"trust": 1.8,
"url": "https://support.lenovo.com/us/en/product_security/qemu"
},
{
"trust": 1.8,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2015-3214"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3214"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3214"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5154"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3214"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1507"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1508"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg304138.html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1512"
},
{
"trust": 0.3,
"url": "http://wiki.qemu.org/main_page"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-5154"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2692-1/"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2692-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5225"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5165"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3214"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5158"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"db": "BID",
"id": "75273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "PACKETSTORM",
"id": "132839"
},
{
"db": "PACKETSTORM",
"id": "132859"
},
{
"db": "PACKETSTORM",
"id": "132838"
},
{
"db": "PACKETSTORM",
"id": "132855"
},
{
"db": "PACKETSTORM",
"id": "133422"
},
{
"db": "PACKETSTORM",
"id": "134165"
},
{
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81175"
},
{
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"db": "BID",
"id": "75273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"db": "PACKETSTORM",
"id": "132839"
},
{
"db": "PACKETSTORM",
"id": "132859"
},
{
"db": "PACKETSTORM",
"id": "132838"
},
{
"db": "PACKETSTORM",
"id": "132855"
},
{
"db": "PACKETSTORM",
"id": "133422"
},
{
"db": "PACKETSTORM",
"id": "134165"
},
{
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-81175"
},
{
"date": "2015-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"date": "2015-06-17T00:00:00",
"db": "BID",
"id": "75273"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"date": "2015-07-27T15:37:06",
"db": "PACKETSTORM",
"id": "132839"
},
{
"date": "2015-07-29T01:13:01",
"db": "PACKETSTORM",
"id": "132859"
},
{
"date": "2015-07-27T15:36:52",
"db": "PACKETSTORM",
"id": "132838"
},
{
"date": "2015-07-29T00:57:08",
"db": "PACKETSTORM",
"id": "132855"
},
{
"date": "2015-09-03T22:28:25",
"db": "PACKETSTORM",
"id": "133422"
},
{
"date": "2015-11-02T16:49:11",
"db": "PACKETSTORM",
"id": "134165"
},
{
"date": "2015-08-31T10:59:07.580000",
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-81175"
},
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3214"
},
{
"date": "2015-12-08T22:03:00",
"db": "BID",
"id": "75273"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004512"
},
{
"date": "2023-02-13T00:48:24.553000",
"db": "NVD",
"id": "CVE-2015-3214"
},
{
"date": "2023-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Kernel and QEMU of i8254.c of pit_ioport_read Host in OS Vulnerabilities in arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004512"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-371"
}
],
"trust": 0.6
}
}
var-201401-0178
Vulnerability from variot
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. Xen is an open source virtual machine monitor developed by the University of Cambridge. Xen 4.2.x, 4.3.x have errors related to mapping authorization references. A domain can be exploited to leak, and then another domain that shares the driver domain is denied service status. Xen is prone to a denial-of-service vulnerability. Successful exploits may allow an attacker to cause a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-03
http://security.gentoo.org/
Severity: High Title: Xen: Multiple Vunlerabilities Date: July 16, 2014 Bugs: #440768, #484478, #486354, #497082, #497084, #497086, #499054, #499124, #500528, #500530, #500536, #501080, #501906, #505714, #509054, #513824 ID: 201407-03
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulations/xen < 4.3.2-r4 >= 4.3.2-r4 >= 4.2.4-r4 2 app-emulations/xen-tools < 4.3.2-r5 >= 4.3.2-r5 >= 4.2.4-r6 3 app-emulations/xen-pvgrub < 4.3.2 >= 4.3.2 >= 4.2.4 ------------------------------------------------------------------- 3 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host.
Workaround
There is no known workaround at this time.
Resolution
All Xen 4.3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2"
All Xen 4.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2"
All xen-tools 4.3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.3.2-r2"
All xen-tools 4.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.2.4-r2"
All Xen PVGRUB 4.3 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.3.2"
All Xen PVGRUB 4.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.2.4"
References
[ 1 ] CVE-2013-1442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442 [ 2 ] CVE-2013-4329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329 [ 3 ] CVE-2013-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355 [ 4 ] CVE-2013-4356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356 [ 5 ] CVE-2013-4361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361 [ 6 ] CVE-2013-4368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368 [ 7 ] CVE-2013-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369 [ 8 ] CVE-2013-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370 [ 9 ] CVE-2013-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371 [ 10 ] CVE-2013-4375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375 [ 11 ] CVE-2013-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416 [ 12 ] CVE-2013-4494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494 [ 13 ] CVE-2013-4551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551 [ 14 ] CVE-2013-4553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553 [ 15 ] CVE-2013-4554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554 [ 16 ] CVE-2013-6375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375 [ 17 ] CVE-2013-6400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400 [ 18 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 19 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 20 ] CVE-2014-1642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642 [ 21 ] CVE-2014-1666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666 [ 22 ] CVE-2014-1891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891 [ 23 ] CVE-2014-1892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892 [ 24 ] CVE-2014-1893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893 [ 25 ] CVE-2014-1894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894 [ 26 ] CVE-2014-1895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895 [ 27 ] CVE-2014-1896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896 [ 28 ] CVE-2014-2599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599 [ 29 ] CVE-2014-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124 [ 30 ] CVE-2014-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2092-1 January 30, 2014
qemu, qemu-kvm vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer
Details:
Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344)
It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4375)
Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. This issue only affected Ubuntu 13.10. (CVE-2013-4377)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: qemu-system 1.5.0+dfsg-3ubuntu5.3 qemu-system-arm 1.5.0+dfsg-3ubuntu5.3 qemu-system-mips 1.5.0+dfsg-3ubuntu5.3 qemu-system-misc 1.5.0+dfsg-3ubuntu5.3 qemu-system-ppc 1.5.0+dfsg-3ubuntu5.3 qemu-system-sparc 1.5.0+dfsg-3ubuntu5.3 qemu-system-x86 1.5.0+dfsg-3ubuntu5.3
Ubuntu 12.10: qemu-kvm 1.2.0+noroms-0ubuntu2.12.10.6
Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.13
After a standard system update you need to reboot your computer to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2092-1 CVE-2013-4344, CVE-2013-4375, CVE-2013-4377
Package Information: https://launchpad.net/ubuntu/+source/qemu/1.5.0+dfsg-3ubuntu5.3 https://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+noroms-0ubuntu2.12.10.6 https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.13
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "qemu",
"scope": "eq",
"trust": 1.6,
"vendor": "qemu",
"version": "1.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.2.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.2.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.3.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.2.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.2.0"
},
{
"model": "qemu",
"scope": "eq",
"trust": 0.8,
"vendor": "fabrice bellard",
"version": "1.1 and other versions"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.8,
"vendor": "xen",
"version": "4.2.x"
},
{
"model": "xen",
"scope": "lt",
"trust": 0.8,
"vendor": "xen",
"version": "4.3.x"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.8,
"vendor": "xen",
"version": "4.3.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.6,
"vendor": "xensource",
"version": "4.2.x"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.6,
"vendor": "xensource",
"version": "4.3.x"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "BID",
"id": "62934"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Coverity Scan and Matthew Daley",
"sources": [
{
"db": "BID",
"id": "62934"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-4375",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2013-13722",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4375",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2013-13722",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-521",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. Xen is an open source virtual machine monitor developed by the University of Cambridge. Xen 4.2.x, 4.3.x have errors related to mapping authorization references. A domain can be exploited to leak, and then another domain that shares the driver domain is denied service status. Xen is prone to a denial-of-service vulnerability. \nSuccessful exploits may allow an attacker to cause a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201407-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Xen: Multiple Vunlerabilities\n Date: July 16, 2014\n Bugs: #440768, #484478, #486354, #497082, #497084, #497086,\n #499054, #499124, #500528, #500530, #500536, #501080,\n #501906, #505714, #509054, #513824\n ID: 201407-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould lead to arbitrary code execution. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulations/xen \u003c 4.3.2-r4 \u003e= 4.3.2-r4 \n *\u003e= 4.2.4-r4 \n 2 app-emulations/xen-tools\n \u003c 4.3.2-r5 \u003e= 4.3.2-r5 \n *\u003e= 4.2.4-r6 \n 3 app-emulations/xen-pvgrub\n \u003c 4.3.2 *\u003e= 4.3.2 \n *\u003e= 4.2.4 \n -------------------------------------------------------------------\n 3 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to execute arbitrary\ncode, cause Denial of Service, or gain access to data on the host. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen 4.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulations/xen-4.3.2-r2\"\n\nAll Xen 4.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulations/xen-4.2.4-r2\"\n\nAll xen-tools 4.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-tools-4.3.2-r2\"\n\nAll xen-tools 4.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-tools-4.2.4-r2\"\n\nAll Xen PVGRUB 4.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-pvgrub-4.3.2\"\n\nAll Xen PVGRUB 4.2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-pvgrub-4.2.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-1442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442\n[ 2 ] CVE-2013-4329\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329\n[ 3 ] CVE-2013-4355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355\n[ 4 ] CVE-2013-4356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356\n[ 5 ] CVE-2013-4361\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361\n[ 6 ] CVE-2013-4368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368\n[ 7 ] CVE-2013-4369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369\n[ 8 ] CVE-2013-4370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370\n[ 9 ] CVE-2013-4371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371\n[ 10 ] CVE-2013-4375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375\n[ 11 ] CVE-2013-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416\n[ 12 ] CVE-2013-4494\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494\n[ 13 ] CVE-2013-4551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551\n[ 14 ] CVE-2013-4553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553\n[ 15 ] CVE-2013-4554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554\n[ 16 ] CVE-2013-6375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375\n[ 17 ] CVE-2013-6400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400\n[ 18 ] CVE-2013-6885\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885\n[ 19 ] CVE-2013-6885\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885\n[ 20 ] CVE-2014-1642\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642\n[ 21 ] CVE-2014-1666\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666\n[ 22 ] CVE-2014-1891\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891\n[ 23 ] CVE-2014-1892\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892\n[ 24 ] CVE-2014-1893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893\n[ 25 ] CVE-2014-1894\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894\n[ 26 ] CVE-2014-1895\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895\n[ 27 ] CVE-2014-1896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896\n[ 28 ] CVE-2014-2599\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599\n[ 29 ] CVE-2014-3124\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124\n[ 30 ] CVE-2014-4021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2092-1\nJanuary 30, 2014\n\nqemu, qemu-kvm vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in QEMU. \n\nSoftware Description:\n- qemu: Machine emulator and virtualizer\n- qemu-kvm: Machine emulator and virtualizer\n\nDetails:\n\nAsias He discovered that QEMU incorrectly handled SCSI controllers with\nmore than 256 attached devices. A local user could possibly use this flaw\nto elevate privileges. (CVE-2013-4344)\n\nIt was discovered that QEMU incorrectly handled Xen disks. A local guest\ncould possibly use this flaw to consume resources, resulting in a denial of\nservice. This issue only affected Ubuntu 12.10 and Ubuntu 13.10. \n(CVE-2013-4375)\n\nSibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. \nA local user could possibly use this flaw to cause a denial of service. \nThis issue only affected Ubuntu 13.10. (CVE-2013-4377)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n qemu-system 1.5.0+dfsg-3ubuntu5.3\n qemu-system-arm 1.5.0+dfsg-3ubuntu5.3\n qemu-system-mips 1.5.0+dfsg-3ubuntu5.3\n qemu-system-misc 1.5.0+dfsg-3ubuntu5.3\n qemu-system-ppc 1.5.0+dfsg-3ubuntu5.3\n qemu-system-sparc 1.5.0+dfsg-3ubuntu5.3\n qemu-system-x86 1.5.0+dfsg-3ubuntu5.3\n\nUbuntu 12.10:\n qemu-kvm 1.2.0+noroms-0ubuntu2.12.10.6\n\nUbuntu 12.04 LTS:\n qemu-kvm 1.0+noroms-0ubuntu14.13\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2092-1\n CVE-2013-4344, CVE-2013-4375, CVE-2013-4377\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/qemu/1.5.0+dfsg-3ubuntu5.3\n https://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+noroms-0ubuntu2.12.10.6\n https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.13\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "BID",
"id": "62934"
},
{
"db": "PACKETSTORM",
"id": "127477"
},
{
"db": "PACKETSTORM",
"id": "125004"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4375",
"trust": 3.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/10/10/14",
"trust": 2.2
},
{
"db": "BID",
"id": "62934",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "55229",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-13722",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20131010 XEN SECURITY ADVISORY 71 (CVE-2013-4375) - QEMU DISK BACKEND (QDISK) RESOURCE LEAK",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "56227",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "56231",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "56069",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "127477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125004",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "BID",
"id": "62934"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "PACKETSTORM",
"id": "127477"
},
{
"db": "PACKETSTORM",
"id": "125004"
},
{
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"id": "VAR-201401-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
}
]
},
"last_update_date": "2023-12-18T11:13:48.986000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Xen 4.3.1",
"trust": 0.8,
"url": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html"
},
{
"title": "Main Page",
"trust": 0.8,
"url": "http://wiki.qemu.org/main_page"
},
{
"title": "XSA-71",
"trust": 0.8,
"url": "http://xenbits.xen.org/xsa/advisory-71.html"
},
{
"title": "Xen QEMU Mapping Authorization Reference Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40192"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "NVD",
"id": "CVE-2013-4375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.openwall.com/lists/oss-security/2013/10/10/14"
},
{
"trust": 1.6,
"url": "http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-431.html"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-2092-1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4375"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4375"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/55229/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56069"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56227"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56231"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62934"
},
{
"trust": 0.3,
"url": "http://xen.xensource.com/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2013/q4/62"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4375"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4356"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4494"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1442"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1892"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1894"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3124"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6375"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1894"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4416"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1666"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1895"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4371"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4356"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4329"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4329"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1896"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4355"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1891"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4355"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1891"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6885"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4494"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3124"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4368"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6375"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2599"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4553"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4416"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.13"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4377"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu/1.5.0+dfsg-3ubuntu5.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu-kvm/1.2.0+noroms-0ubuntu2.12.10.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "BID",
"id": "62934"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "PACKETSTORM",
"id": "127477"
},
{
"db": "PACKETSTORM",
"id": "125004"
},
{
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"db": "BID",
"id": "62934"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"db": "PACKETSTORM",
"id": "127477"
},
{
"db": "PACKETSTORM",
"id": "125004"
},
{
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"date": "2013-10-10T00:00:00",
"db": "BID",
"id": "62934"
},
{
"date": "2014-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"date": "2014-07-16T22:25:37",
"db": "PACKETSTORM",
"id": "127477"
},
{
"date": "2014-01-31T01:24:20",
"db": "PACKETSTORM",
"id": "125004"
},
{
"date": "2014-01-19T18:55:02.560000",
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"date": "2013-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13722"
},
{
"date": "2015-04-13T22:04:00",
"db": "BID",
"id": "62934"
},
{
"date": "2014-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005859"
},
{
"date": "2017-01-07T02:59:11.327000",
"db": "NVD",
"id": "CVE-2013-4375"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen and QEMU of qemu-xen of qdisk PV Service disruption in disk backend (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-521"
}
],
"trust": 0.6
}
}
var-201505-0417
Vulnerability from variot
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. QEMU is prone to a remote memory-corruption vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. Relevant releases/architectures:
RHEV Agents (vdsm) - x86_64
- After installing this update, shut down all running virtual machines.
Background
VirtualBox is a powerful virtualization product from Oracle.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: kvm security update Advisory ID: RHSA-2015:1003-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1003.html Issue date: 2015-05-13 CVE Names: CVE-2015-3456 =====================================================================
- Summary:
Updated kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64
- Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems.
An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)
Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.
All kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Note: The procedure in the Solution section must be performed before this update will take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
The following procedure must be performed before this update will take effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
- Bugs fixed (https://bugzilla.redhat.com/):
1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access
- Package List:
RHEL Desktop Multi OS (v. 5 client):
Source: kvm-83-272.el5_11.src.rpm
x86_64: kmod-kvm-83-272.el5_11.x86_64.rpm kmod-kvm-debug-83-272.el5_11.x86_64.rpm kvm-83-272.el5_11.x86_64.rpm kvm-debuginfo-83-272.el5_11.x86_64.rpm kvm-qemu-img-83-272.el5_11.x86_64.rpm kvm-tools-83-272.el5_11.x86_64.rpm
RHEL Virtualization (v. 5 server):
Source: kvm-83-272.el5_11.src.rpm
x86_64: kmod-kvm-83-272.el5_11.x86_64.rpm kmod-kvm-debug-83-272.el5_11.x86_64.rpm kvm-83-272.el5_11.x86_64.rpm kvm-debuginfo-83-272.el5_11.x86_64.rpm kvm-qemu-img-83-272.el5_11.x86_64.rpm kvm-tools-83-272.el5_11.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3456 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVU1nfXlSAg2UNWIIRAtvxAKCVxqsaYdrCQN16dcpCIKajKnUzHgCfVy1r 6y8+9uFGI3F4Epc74lb8mrg= =sjA3 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . From: Yury German blueknight@gentoo.org To: gentoo-announce@lists.gentoo.org Message-ID: 57035F2D.8090108@gentoo.org Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201604-03
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 >= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 >= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
A local attacker could possibly cause a Denial of Service condition or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Xen 4.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"
All Xen 4.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"
All Xen tools 4.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5"
All Xen tools 4.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9"
All Xen pvgrub users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"=
References
[ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201604-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc .
CVE-2015-1779
Daniel P. Berrange discovered a denial of service vulnerability in
the VNC web socket decoder.
CVE-2015-2756
Jan Beulich discovered that unmediated PCI command register could
result in denial of service.
CVE-2015-3456
Jason Geffner discovered a buffer overflow in the emulated floppy
disk drive, resulting in the potential execution of arbitrary code.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version 1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456 affects oldstable.
For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your qemu packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xen",
"scope": "eq",
"trust": 1.3,
"vendor": "xen",
"version": "4.5.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "qemu",
"scope": "lte",
"trust": 1.0,
"vendor": "qemu",
"version": "2.3.0"
},
{
"model": "enterprise virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "peoplesoft products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of peoplesoft enterprise pt peopletools 8.53"
},
{
"model": "peoplesoft products",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of peoplesoft enterprise pt peopletools 8.54"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 7)"
},
{
"model": "hp helion openstack",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 client)"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 7)"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "qemu",
"scope": null,
"trust": 0.8,
"vendor": "fabrice bellard",
"version": null
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 for rhel 6"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "enterprise virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6.6.z)"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.3.28"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 server)"
},
{
"model": "rhel virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 server)"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "xen",
"scope": "lte",
"trust": 0.8,
"vendor": "xen",
"version": "4.5.x and earlier"
},
{
"model": "vm server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 7)"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "vm server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.0 for rhel 7"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 7)"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "hp helion openstack",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "1.1.0"
},
{
"model": "vm server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 for rhel 7"
},
{
"model": "rhel desktop multi os",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5 client)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 6)"
},
{
"model": "qemu",
"scope": "eq",
"trust": 0.6,
"vendor": "qemu",
"version": "2.3.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.1"
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise server sp2 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp1 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise expanded support",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "7"
},
{
"model": "linux enterprise expanded support",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "6"
},
{
"model": "linux enterprise expanded support",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "5"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "openstack for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.07"
},
{
"model": "openstack for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.07"
},
{
"model": "openstack for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.06"
},
{
"model": "enterprise virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "qemu",
"scope": "eq",
"trust": 0.3,
"vendor": "qemu",
"version": "0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "northstar controller application",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2.1.0"
},
{
"model": "smartdatacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "joyent",
"version": "0"
},
{
"model": "public cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "joyent",
"version": "0"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "pureapplication system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.20"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.3.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.1.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.1"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.0.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.0.0"
},
{
"model": "flex system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.0"
},
{
"model": "fusioncompute v100r005c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r005c00spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r005c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c10spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c10cp6001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c00spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1.0"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.0"
},
{
"model": "helion cloudsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "fortisandbox",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.0.2"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "6.0.2"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "6.5"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "6.2"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "6.1"
},
{
"model": "xenserver",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "northstar controller application service pack",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "2.1.01"
},
{
"model": "fusioncompute v100r005c00cp3001",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fortisandbox",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "74640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jason Geffner, CrowdStrike Senior Security Researcher",
"sources": [
{
"db": "BID",
"id": "74640"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.7,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-3456",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3456",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-207",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-3456",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. QEMU is prone to a remote memory-corruption vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. Relevant releases/architectures:\n\nRHEV Agents (vdsm) - x86_64\n\n3. After installing\nthis update, shut down all running virtual machines. \n\nBackground\n==========\n\nVirtualBox is a powerful virtualization product from Oracle. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kvm security update\nAdvisory ID: RHSA-2015:1003-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1003.html\nIssue date: 2015-05-13\nCVE Names: CVE-2015-3456 \n=====================================================================\n\n1. Summary:\n\nUpdated kvm packages that fix one security issue are now available for Red\nHat Enterprise Linux 5. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Multi OS (v. 5 client) - x86_64\nRHEL Virtualization (v. 5 server) - x86_64\n\n3. Description:\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. \n\nAn out-of-bounds memory access flaw was found in the way QEMU\u0027s virtual\nFloppy Disk Controller (FDC) handled FIFO buffer access while processing\ncertain FDC commands. A privileged guest user could use this flaw to crash\nthe guest or, potentially, execute arbitrary code on the host with the\nprivileges of the host\u0027s QEMU process corresponding to the guest. \n(CVE-2015-3456)\n\nRed Hat would like to thank Jason Geffner of CrowdStrike for reporting\nthis issue. \n\nAll kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Note: The procedure in\nthe Solution section must be performed before this update will take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines. \n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd. \n\n3) Restart the KVM guest virtual machines. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access\n\n6. Package List:\n\nRHEL Desktop Multi OS (v. 5 client):\n\nSource:\nkvm-83-272.el5_11.src.rpm\n\nx86_64:\nkmod-kvm-83-272.el5_11.x86_64.rpm\nkmod-kvm-debug-83-272.el5_11.x86_64.rpm\nkvm-83-272.el5_11.x86_64.rpm\nkvm-debuginfo-83-272.el5_11.x86_64.rpm\nkvm-qemu-img-83-272.el5_11.x86_64.rpm\nkvm-tools-83-272.el5_11.x86_64.rpm\n\nRHEL Virtualization (v. 5 server):\n\nSource:\nkvm-83-272.el5_11.src.rpm\n\nx86_64:\nkmod-kvm-83-272.el5_11.x86_64.rpm\nkmod-kvm-debug-83-272.el5_11.x86_64.rpm\nkvm-83-272.el5_11.x86_64.rpm\nkvm-debuginfo-83-272.el5_11.x86_64.rpm\nkvm-qemu-img-83-272.el5_11.x86_64.rpm\nkvm-tools-83-272.el5_11.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3456\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVU1nfXlSAg2UNWIIRAtvxAKCVxqsaYdrCQN16dcpCIKajKnUzHgCfVy1r\n6y8+9uFGI3F4Epc74lb8mrg=\n=sjA3\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. From: Yury German \u003cblueknight@gentoo.org\u003e\nTo: gentoo-announce@lists.gentoo.org\nMessage-ID: \u003c57035F2D.8090108@gentoo.org\u003e\nSubject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities\n\n\n\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201604-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: April 05, 2016\n Bugs: #445254, #513832, #547202, #549200, #549950, #550658,\n #553664, #553718, #555532, #556304, #561110, #564472,\n #564932, #566798, #566838, #566842, #567962, #571552,\n #571556, #574012\n ID: 201604-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncause a Denial of Service. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.6.0-r9 \u003e= 4.6.0-r9\n *\u003e= 4.5.2-r5\n 2 app-emulation/xen-pvgrub\n \u003c 4.6.0 Vulnerable!\n 3 app-emulation/xen-tools \u003c 4.6.0-r9 \u003e= 4.6.0-r9\n *\u003e= 4.5.2-r5\n 4 app-emulation/pvgrub \u003e= 4.6.0\n *\u003e= 4.5.2\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 4 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA local attacker could possibly cause a Denial of Service condition or\nobtain sensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen 4.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.5.2-r5\"\n\nAll Xen 4.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.6.0-r9\"\n\nAll Xen tools 4.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.5.2-r5\"\n\nAll Xen tools 4.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.6.0-r9\"\n\nAll Xen pvgrub users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-pvgrub-4.6.0\"=\n\n\nReferences\n==========\n\n[ 1 ] CVE-2012-3494\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494\n[ 2 ] CVE-2012-3495\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495\n[ 3 ] CVE-2012-3496\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496\n[ 4 ] CVE-2012-3497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497\n[ 5 ] CVE-2012-3498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498\n[ 6 ] CVE-2012-3515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515\n[ 7 ] CVE-2012-4411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411\n[ 8 ] CVE-2012-4535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535\n[ 9 ] CVE-2012-4536\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536\n[ 10 ] CVE-2012-4537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537\n[ 11 ] CVE-2012-4538\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538\n[ 12 ] CVE-2012-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539\n[ 13 ] CVE-2012-6030\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030\n[ 14 ] CVE-2012-6031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031\n[ 15 ] CVE-2012-6032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032\n[ 16 ] CVE-2012-6033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033\n[ 17 ] CVE-2012-6034\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034\n[ 18 ] CVE-2012-6035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035\n[ 19 ] CVE-2012-6036\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036\n[ 20 ] CVE-2015-2151\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151\n[ 21 ] CVE-2015-3209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209\n[ 22 ] CVE-2015-3259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259\n[ 23 ] CVE-2015-3340\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340\n[ 24 ] CVE-2015-3456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456\n[ 25 ] CVE-2015-4103\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103\n[ 26 ] CVE-2015-4104\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104\n[ 27 ] CVE-2015-4105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105\n[ 28 ] CVE-2015-4106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106\n[ 29 ] CVE-2015-4163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163\n[ 30 ] CVE-2015-4164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164\n[ 31 ] CVE-2015-5154\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154\n[ 32 ] CVE-2015-7311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311\n[ 33 ] CVE-2015-7504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504\n[ 34 ] CVE-2015-7812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812\n[ 35 ] CVE-2015-7813\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813\n[ 36 ] CVE-2015-7814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814\n[ 37 ] CVE-2015-7835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835\n[ 38 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 39 ] CVE-2015-7969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969\n[ 40 ] CVE-2015-7970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970\n[ 41 ] CVE-2015-7971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971\n[ 42 ] CVE-2015-7972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972\n[ 43 ] CVE-2015-8339\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339\n[ 44 ] CVE-2015-8340\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340\n[ 45 ] CVE-2015-8341\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341\n[ 46 ] CVE-2015-8550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550\n[ 47 ] CVE-2015-8551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551\n[ 48 ] CVE-2015-8552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552\n[ 49 ] CVE-2015-8554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554\n[ 50 ] CVE-2015-8555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555\n[ 51 ] CVE-2016-2270\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270\n[ 52 ] CVE-2016-2271\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201604-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n--roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc\n. \n\nCVE-2015-1779\n\n Daniel P. Berrange discovered a denial of service vulnerability in\n the VNC web socket decoder. \n\nCVE-2015-2756\n\n Jan Beulich discovered that unmediated PCI command register could\n result in denial of service. \n\nCVE-2015-3456\n\n Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version\n1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456\naffects oldstable. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12. \n\nFor the unstable distribution (sid), these problems will be fixed soon. \n\nWe recommend that you upgrade your qemu packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3456"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "BID",
"id": "74640"
},
{
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"db": "PACKETSTORM",
"id": "131894"
},
{
"db": "PACKETSTORM",
"id": "131890"
},
{
"db": "PACKETSTORM",
"id": "140113"
},
{
"db": "PACKETSTORM",
"id": "131889"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "131879"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37053",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3456"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3456",
"trust": 3.4
},
{
"db": "BID",
"id": "74640",
"trust": 2.0
},
{
"db": "JUNIPER",
"id": "JSA10783",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1032917",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1032306",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1032311",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "37053",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10693",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10118",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2015-3456",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131894",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131890",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140113",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131879",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"db": "BID",
"id": "74640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "PACKETSTORM",
"id": "131894"
},
{
"db": "PACKETSTORM",
"id": "131890"
},
{
"db": "PACKETSTORM",
"id": "140113"
},
{
"db": "PACKETSTORM",
"id": "131889"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "131879"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"id": "VAR-201505-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3808862333333334
},
"last_update_date": "2024-06-12T21:47:20.585000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPSBMU03336",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html"
},
{
"title": "Oracle Security Alert for CVE-2015-3456",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html"
},
{
"title": "fdc: force the fifo access to be in bounds of the allocated buffer",
"trust": 0.8,
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c"
},
{
"title": "VENOM: QEMU vulnerability (CVE-2015-3456)",
"trust": 0.8,
"url": "https://access.redhat.com/articles/1444903"
},
{
"title": "RHSA-2015:1002",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1002.html"
},
{
"title": "RHSA-2015:1003",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1003.html"
},
{
"title": "RHSA-2015:1004",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1004.html"
},
{
"title": "RHSA-2015:0998",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0998.html"
},
{
"title": "RHSA-2015:0999",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0999.html"
},
{
"title": "RHSA-2015:1000",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1000.html"
},
{
"title": "RHSA-2015:1001",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1001.html"
},
{
"title": "VENOM, don\u2019t get bitten.",
"trust": 0.8,
"url": "http://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
},
{
"title": "July 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2015_critical_patch_update"
},
{
"title": " CVE-2015-3456",
"trust": 0.8,
"url": "https://www.suse.com/security/cve/cve-2015-3456.html"
},
{
"title": "XSA-133",
"trust": 0.8,
"url": "http://xenbits.xen.org/xsa/advisory-133.html"
},
{
"title": "xsa133-qemuu",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55519"
},
{
"title": "xsa133-qemut",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55518"
},
{
"title": "xsa133-qemuu-4.3-4.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55520"
},
{
"title": "qemu.git-e907746266721f305d67bc0718795fedee2e824c",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=55517"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/05/05/poc_exploit_tripled_2015_study/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/05/19/oracle_patches_venom/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/05/14/venom_analysis/"
},
{
"title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2015-3456: floppy driver host code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1e9cefc84b9a72ae90225e9ff55d95b7"
},
{
"title": "Debian Security Advisories: DSA-3262-1 xen -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=062e555c99e007ed070757c824f250eb"
},
{
"title": "Debian Security Advisories: DSA-3274-1 virtualbox -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=13673fabccef0c794fd2bc2944597470"
},
{
"title": "Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2608-1"
},
{
"title": "Debian Security Advisories: DSA-3259-1 qemu -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=57edcd554beef990c5db7c77e4410e91"
},
{
"title": "Debian CVElist Bug Report Logs: qemu: CVE-2014-9718 CVE-2015-1779",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a8c61c5fbe108faa83788a9a61ccb677"
},
{
"title": "Symantec Security Advisories: SA95 : VENOM Vulnerability in Virtualization Platforms",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=015b922e5570d0f4c9f66b103d8e694a"
},
{
"title": "Oracle: Oracle Security Alert for CVE-2015-3456",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=222bdb74a04df3dae048eda54c80f9ea"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=459961024c4bdce7bb3a1a40a65a6f2e"
},
{
"title": "elysiumVM",
"trust": 0.1,
"url": "https://github.com/cyberlifetech/elysiumvm "
},
{
"title": "cve-2015-3456",
"trust": 0.1,
"url": "https://github.com/vincentbernat/cve-2015-3456 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/rub-syssec/hypercube "
},
{
"title": "laputa",
"trust": 0.1,
"url": "https://github.com/takuzoo3868/laputa "
},
{
"title": "cookbook-xs-maintenance",
"trust": 0.1,
"url": "https://github.com/pigram86/cookbook-xs-maintenance "
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/redhatofficial/rhsecapi "
},
{
"title": "cve-pylib",
"trust": 0.1,
"url": "https://github.com/redhatproductsecurity/cve-pylib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://venom.crowdstrike.com/"
},
{
"trust": 2.6,
"url": "http://support.citrix.com/article/ctx201078"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2015/dsa-3274"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/74640"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2015/dsa-3262"
},
{
"trust": 2.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1001.html"
},
{
"trust": 2.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1004.html"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1000.html"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0999.html"
},
{
"trust": 2.0,
"url": "http://xenbits.xen.org/xsa/advisory-133.html"
},
{
"trust": 2.0,
"url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1011.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1003.html"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/37053/"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201612-27"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1002.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0998.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/articles/1444903"
},
{
"trust": 1.7,
"url": "https://www.suse.com/security/cve/cve-2015-3456.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10118"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/158072.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-2608-1"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/venom"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10693"
},
{
"trust": 1.7,
"url": "https://bto.bluecoat.com/security-advisory/sa95"
},
{
"trust": 1.7,
"url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032311"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032306"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
},
{
"trust": 1.7,
"url": "https://kb.juniper.net/jsa10783"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201602-01"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032917"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
},
{
"trust": 1.0,
"url": "http://git.qemu.org/?p=qemu.git%3ba=commitdiff%3bh=e907746266721f305d67bc0718795fedee2e824c"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3456"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3456"
},
{
"trust": 0.7,
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3456"
},
{
"trust": 0.3,
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c"
},
{
"trust": 0.3,
"url": "http://wiki.qemu.org/main_page"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10783\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.fortiguard.com/advisory/fg-ir-15-012/"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/may/129"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04706564"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/kb/doc.php?id=7016497"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2015-1031.html"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-438937.htm"
},
{
"trust": 0.3,
"url": "https://help.joyent.com/entries/68099220-security-advisory-on-venom-cve-2015-3456-in-kvm-qemu"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098681"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903743"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022292"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-428704.htm"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150889-1.html"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150943-1.html"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150896-1.html"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150889-2.html"
},
{
"trust": 0.3,
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150944-1.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/connections/blogs/psirt/entry/venom_cve_2015_3456?lang=en_us"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-3456"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/cyberlifetech/elysiumvm"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38855"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2608-1/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5611"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5610"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0418"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0983"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0427"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6595"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0427"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6589"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0983"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5610"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5608"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0418"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6589"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4103"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6036"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3495"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6035"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3494"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6032"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6030"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3497"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4104"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2151"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6033"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4105"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3496"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9718"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2756"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"db": "BID",
"id": "74640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "PACKETSTORM",
"id": "131894"
},
{
"db": "PACKETSTORM",
"id": "131890"
},
{
"db": "PACKETSTORM",
"id": "140113"
},
{
"db": "PACKETSTORM",
"id": "131889"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "131879"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"db": "BID",
"id": "74640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"db": "PACKETSTORM",
"id": "131894"
},
{
"db": "PACKETSTORM",
"id": "131890"
},
{
"db": "PACKETSTORM",
"id": "140113"
},
{
"db": "PACKETSTORM",
"id": "131889"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "131879"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"date": "2015-05-13T00:00:00",
"db": "BID",
"id": "74640"
},
{
"date": "2015-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"date": "2015-05-13T19:45:39",
"db": "PACKETSTORM",
"id": "131894"
},
{
"date": "2015-05-13T19:45:08",
"db": "PACKETSTORM",
"id": "131890"
},
{
"date": "2016-12-12T04:22:22",
"db": "PACKETSTORM",
"id": "140113"
},
{
"date": "2015-05-13T19:44:59",
"db": "PACKETSTORM",
"id": "131889"
},
{
"date": "2016-04-06T13:30:13",
"db": "PACKETSTORM",
"id": "136587"
},
{
"date": "2015-05-13T17:43:32",
"db": "PACKETSTORM",
"id": "131879"
},
{
"date": "2015-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"date": "2015-05-13T18:59:00.157000",
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3456"
},
{
"date": "2017-04-18T00:05:00",
"db": "BID",
"id": "74640"
},
{
"date": "2015-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002668"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-207"
},
{
"date": "2023-11-07T02:25:38.537000",
"db": "NVD",
"id": "CVE-2015-3456"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen and KVM Used in QEMU Service disruption in floppy disk controllers in Japan (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002668"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-207"
}
],
"trust": 0.6
}
}
var-201506-0038
Vulnerability from variot
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Xen is a virtualization technology for the Linux kernel that allows multiple operating systems to run simultaneously. QEMU is prone to a heap-based buffer-overflow vulnerability. Failed attacks will cause denial-of-service conditions. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: qemu-kvm security update Advisory ID: RHSA-2015:1087-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1087.html Issue date: 2015-06-10 CVE Names: CVE-2015-3209 =====================================================================
- Summary:
Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. (CVE-2015-3209)
Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting this issue.
All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
i386: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
x86_64: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
x86_64: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
i386: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
x86_64: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: qemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm
i386: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm
x86_64: qemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm qemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-3209 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVeHRmXlSAg2UNWIIRAkq5AKCeYGr9MG7Kdic1FVJZw2avAhO6eACdFG0W VCkW3jIuuaxOqeYM0s8u6ss= =+WsT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
CVE-2015-4037
Kurt Seifried of Red Hat Product Security discovered that QEMU's
user mode networking stack uses predictable temporary file names
when the -smb option is used.
For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6+deb7u8.
We recommend that you upgrade your qemu-kvm packages. From: Yury German blueknight@gentoo.org To: gentoo-announce@lists.gentoo.org Message-ID: 57035F2D.8090108@gentoo.org Subject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 201604-03
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: April 05, 2016 Bugs: #445254, #513832, #547202, #549200, #549950, #550658, #553664, #553718, #555532, #556304, #561110, #564472, #564932, #566798, #566838, #566842, #567962, #571552, #571556, #574012 ID: 201604-03
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.6.0-r9 >= 4.6.0-r9 >= 4.5.2-r5 2 app-emulation/xen-pvgrub < 4.6.0 Vulnerable! 3 app-emulation/xen-tools < 4.6.0-r9 >= 4.6.0-r9 >= 4.5.2-r5 4 app-emulation/pvgrub >= 4.6.0 *>= 4.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen 4.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.5.2-r5"
All Xen 4.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.6.0-r9"
All Xen tools 4.5 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.5.2-r5"
All Xen tools 4.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.6.0-r9"
All Xen pvgrub users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-pvgrub-4.6.0"=
References
[ 1 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 2 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 3 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 4 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 5 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 6 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 7 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 8 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 9 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 10 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 11 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 12 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 13 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 14 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 15 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 16 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 17 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 18 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 19 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 20 ] CVE-2015-2151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151 [ 21 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 22 ] CVE-2015-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259 [ 23 ] CVE-2015-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340 [ 24 ] CVE-2015-3456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456 [ 25 ] CVE-2015-4103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103 [ 26 ] CVE-2015-4104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104 [ 27 ] CVE-2015-4105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105 [ 28 ] CVE-2015-4106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106 [ 29 ] CVE-2015-4163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163 [ 30 ] CVE-2015-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164 [ 31 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 32 ] CVE-2015-7311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311 [ 33 ] CVE-2015-7504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504 [ 34 ] CVE-2015-7812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812 [ 35 ] CVE-2015-7813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813 [ 36 ] CVE-2015-7814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814 [ 37 ] CVE-2015-7835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835 [ 38 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 39 ] CVE-2015-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969 [ 40 ] CVE-2015-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970 [ 41 ] CVE-2015-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971 [ 42 ] CVE-2015-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972 [ 43 ] CVE-2015-8339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339 [ 44 ] CVE-2015-8340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340 [ 45 ] CVE-2015-8341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341 [ 46 ] CVE-2015-8550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550 [ 47 ] CVE-2015-8551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551 [ 48 ] CVE-2015-8552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552 [ 49 ] CVE-2015-8554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554 [ 50 ] CVE-2015-8555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555 [ 51 ] CVE-2016-2270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270 [ 52 ] CVE-2016-2271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201604-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc . ============================================================================ Ubuntu Security Notice USN-2630-1 June 10, 2015
qemu, qemu-kvm vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description: - qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer
Details:
Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-3209)
Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. (CVE-2015-4037)
Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the host MSI message data field. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4103)
Jan Beulich discovered that the QEMU Xen code incorrectly restricted access to the PCI MSI mask bits. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4104)
Jan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X error messages. A malicious guest could use this issue to cause a denial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4105)
Jan Beulich discovered that the QEMU Xen code incorrectly restricted write access to the PCI config space. A malicious guest could use this issue to cause a denial of service, obtain sensitive information, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: qemu-system 1:2.2+dfsg-5expubuntu9.2 qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.2 qemu-system-arm 1:2.2+dfsg-5expubuntu9.2 qemu-system-mips 1:2.2+dfsg-5expubuntu9.2 qemu-system-misc 1:2.2+dfsg-5expubuntu9.2 qemu-system-ppc 1:2.2+dfsg-5expubuntu9.2 qemu-system-sparc 1:2.2+dfsg-5expubuntu9.2 qemu-system-x86 1:2.2+dfsg-5expubuntu9.2
Ubuntu 14.10: qemu-system 2.1+dfsg-4ubuntu6.7 qemu-system-aarch64 2.1+dfsg-4ubuntu6.7 qemu-system-arm 2.1+dfsg-4ubuntu6.7 qemu-system-mips 2.1+dfsg-4ubuntu6.7 qemu-system-misc 2.1+dfsg-4ubuntu6.7 qemu-system-ppc 2.1+dfsg-4ubuntu6.7 qemu-system-sparc 2.1+dfsg-4ubuntu6.7 qemu-system-x86 2.1+dfsg-4ubuntu6.7
Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.13 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.13 qemu-system-arm 2.0.0+dfsg-2ubuntu1.13 qemu-system-mips 2.0.0+dfsg-2ubuntu1.13 qemu-system-misc 2.0.0+dfsg-2ubuntu1.13 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.13 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.13 qemu-system-x86 2.0.0+dfsg-2ubuntu1.13
Ubuntu 12.04 LTS: qemu-kvm 1.0+noroms-0ubuntu14.23
After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.13"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "qemu",
"scope": "lte",
"trust": 1.0,
"vendor": "qemu",
"version": "2.3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "22"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.15"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "junos space",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "15.1"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "21"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "eos",
"scope": "eq",
"trust": 1.0,
"vendor": "arista",
"version": "4.12"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "qemu",
"scope": null,
"trust": 0.8,
"vendor": "fabrice bellard",
"version": null
},
{
"model": "xen",
"scope": "lte",
"trust": 0.8,
"vendor": "xen",
"version": "4.5.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.6,
"vendor": "xensource",
"version": "4.2.x"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.6,
"vendor": "xensource",
"version": "4.3.x"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.6,
"vendor": "xensource",
"version": "4.4.x"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.5.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.4"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.3"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.2"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.1"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "4.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp1 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp4 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server sp2 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "openstack for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.06"
},
{
"model": "enterprise virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server eus 6.6.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "qemu",
"scope": "eq",
"trust": 0.3,
"vendor": "qemu",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "northstar controller application",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2.1.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.9.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.8.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.3.0.3"
},
{
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "northstar controller application service pack",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "2.1.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "BID",
"id": "75123"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matt Tait of Google\u0027s Project Zero security team.",
"sources": [
{
"db": "BID",
"id": "75123"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3209",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3209",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-03820",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81170",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3209",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-03820",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-81170",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "VULHUB",
"id": "VHN-81170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Xen is a virtualization technology for the Linux kernel that allows multiple operating systems to run simultaneously. QEMU is prone to a heap-based buffer-overflow vulnerability. Failed attacks will cause denial-of-service conditions. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: qemu-kvm security update\nAdvisory ID: RHSA-2015:1087-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1087.html\nIssue date: 2015-06-10\nCVE Names: CVE-2015-3209 \n=====================================================================\n\n1. Summary:\n\nUpdated qemu-kvm packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nKVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. The qemu-kvm package provides the\nuser-space component for running virtual machines using KVM. \n\nA flaw was found in the way QEMU\u0027s AMD PCnet Ethernet emulation handled\nmulti-TMD packets with a length above 4096 bytes. (CVE-2015-3209)\n\nRed Hat would like to thank Matt Tait of Google\u0027s Project Zero security\nteam for reporting this issue. \n\nAll qemu-kvm users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing this\nupdate, shut down all running virtual machines. Once all virtual machines\nhave shut down, start them again for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1225882 - CVE-2015-3209 qemu: pcnet: multi-tmd buffer overflow in the tx path\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nqemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm\n\ni386:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm\n\nx86_64:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nqemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm\n\nx86_64:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nqemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm\n\ni386:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm\n\nx86_64:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nqemu-kvm-0.12.1.2-2.448.el6_6.4.src.rpm\n\ni386:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.i686.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.i686.rpm\n\nx86_64:\nqemu-guest-agent-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-img-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-debuginfo-0.12.1.2-2.448.el6_6.4.x86_64.rpm\nqemu-kvm-tools-0.12.1.2-2.448.el6_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3209\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVeHRmXlSAg2UNWIIRAkq5AKCeYGr9MG7Kdic1FVJZw2avAhO6eACdFG0W\nVCkW3jIuuaxOqeYM0s8u6ss=\n=+WsT\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nCVE-2015-4037\n\n Kurt Seifried of Red Hat Product Security discovered that QEMU\u0027s\n user mode networking stack uses predictable temporary file names\n when the -smb option is used. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u8. \n\nWe recommend that you upgrade your qemu-kvm packages. From: Yury German \u003cblueknight@gentoo.org\u003e\nTo: gentoo-announce@lists.gentoo.org\nMessage-ID: \u003c57035F2D.8090108@gentoo.org\u003e\nSubject: [ GLSA 201604-03 ] Xen: Multiple vulnerabilities\n\n\n\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201604-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: April 05, 2016\n Bugs: #445254, #513832, #547202, #549200, #549950, #550658,\n #553664, #553718, #555532, #556304, #561110, #564472,\n #564932, #566798, #566838, #566842, #567962, #571552,\n #571556, #574012\n ID: 201604-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncause a Denial of Service. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.6.0-r9 \u003e= 4.6.0-r9\n *\u003e= 4.5.2-r5\n 2 app-emulation/xen-pvgrub\n \u003c 4.6.0 Vulnerable!\n 3 app-emulation/xen-tools \u003c 4.6.0-r9 \u003e= 4.6.0-r9\n *\u003e= 4.5.2-r5\n 4 app-emulation/pvgrub \u003e= 4.6.0\n *\u003e= 4.5.2\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 4 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen 4.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.5.2-r5\"\n\nAll Xen 4.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.6.0-r9\"\n\nAll Xen tools 4.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.5.2-r5\"\n\nAll Xen tools 4.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-emulation/xen-tools-4.6.0-r9\"\n\nAll Xen pvgrub users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-pvgrub-4.6.0\"=\n\n\nReferences\n==========\n\n[ 1 ] CVE-2012-3494\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494\n[ 2 ] CVE-2012-3495\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495\n[ 3 ] CVE-2012-3496\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496\n[ 4 ] CVE-2012-3497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497\n[ 5 ] CVE-2012-3498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498\n[ 6 ] CVE-2012-3515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515\n[ 7 ] CVE-2012-4411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411\n[ 8 ] CVE-2012-4535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535\n[ 9 ] CVE-2012-4536\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536\n[ 10 ] CVE-2012-4537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537\n[ 11 ] CVE-2012-4538\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538\n[ 12 ] CVE-2012-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539\n[ 13 ] CVE-2012-6030\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030\n[ 14 ] CVE-2012-6031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031\n[ 15 ] CVE-2012-6032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032\n[ 16 ] CVE-2012-6033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033\n[ 17 ] CVE-2012-6034\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034\n[ 18 ] CVE-2012-6035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035\n[ 19 ] CVE-2012-6036\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036\n[ 20 ] CVE-2015-2151\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2151\n[ 21 ] CVE-2015-3209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209\n[ 22 ] CVE-2015-3259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3259\n[ 23 ] CVE-2015-3340\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3340\n[ 24 ] CVE-2015-3456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3456\n[ 25 ] CVE-2015-4103\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4103\n[ 26 ] CVE-2015-4104\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4104\n[ 27 ] CVE-2015-4105\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4105\n[ 28 ] CVE-2015-4106\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4106\n[ 29 ] CVE-2015-4163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4163\n[ 30 ] CVE-2015-4164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4164\n[ 31 ] CVE-2015-5154\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154\n[ 32 ] CVE-2015-7311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7311\n[ 33 ] CVE-2015-7504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7504\n[ 34 ] CVE-2015-7812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7812\n[ 35 ] CVE-2015-7813\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7813\n[ 36 ] CVE-2015-7814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7814\n[ 37 ] CVE-2015-7835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7835\n[ 38 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 39 ] CVE-2015-7969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7969\n[ 40 ] CVE-2015-7970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7970\n[ 41 ] CVE-2015-7971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7971\n[ 42 ] CVE-2015-7972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7972\n[ 43 ] CVE-2015-8339\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8339\n[ 44 ] CVE-2015-8340\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8340\n[ 45 ] CVE-2015-8341\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8341\n[ 46 ] CVE-2015-8550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8550\n[ 47 ] CVE-2015-8551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8551\n[ 48 ] CVE-2015-8552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8552\n[ 49 ] CVE-2015-8554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8554\n[ 50 ] CVE-2015-8555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8555\n[ 51 ] CVE-2016-2270\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2270\n[ 52 ] CVE-2016-2271\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2271\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201604-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n--roWGDR0oQEDLX1s6lNAQV7ISgI2Pjo8Pc\n. ============================================================================\nUbuntu Security Notice USN-2630-1\nJune 10, 2015\n\nqemu, qemu-kvm vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in QEMU. \n\nSoftware Description:\n- qemu: Machine emulator and virtualizer\n- qemu-kvm: Machine emulator and virtualizer\n\nDetails:\n\nMatt Tait discovered that QEMU incorrectly handled the virtual PCNET\ndriver. In the default installation, when QEMU is used with\nlibvirt, attackers would be isolated by the libvirt AppArmor profile. \n(CVE-2015-3209)\n\nKurt Seifried discovered that QEMU incorrectly handled certain temporary\nfiles. A local attacker could use this issue to cause a denial of service. \n(CVE-2015-4037)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the host MSI message data field. A malicious guest could use this\nissue to cause a denial of service. This issue only applied to Ubuntu 14.04\nLTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-4103)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted access\nto the PCI MSI mask bits. A malicious guest could use this issue to cause a\ndenial of service. This issue only applied to Ubuntu 14.04 LTS, Ubuntu\n14.10 and Ubuntu 15.04. (CVE-2015-4104)\n\nJan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X\nerror messages. A malicious guest could use this issue to cause a denial of\nservice. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 14.10 and\nUbuntu 15.04. (CVE-2015-4105)\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the PCI config space. A malicious guest could use this issue to\ncause a denial of service, obtain sensitive information, or possibly\nexecute arbitrary code. This issue only applied to Ubuntu 14.04 LTS,\nUbuntu 14.10 and Ubuntu 15.04. (CVE-2015-4106)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n qemu-system 1:2.2+dfsg-5expubuntu9.2\n qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.2\n qemu-system-arm 1:2.2+dfsg-5expubuntu9.2\n qemu-system-mips 1:2.2+dfsg-5expubuntu9.2\n qemu-system-misc 1:2.2+dfsg-5expubuntu9.2\n qemu-system-ppc 1:2.2+dfsg-5expubuntu9.2\n qemu-system-sparc 1:2.2+dfsg-5expubuntu9.2\n qemu-system-x86 1:2.2+dfsg-5expubuntu9.2\n\nUbuntu 14.10:\n qemu-system 2.1+dfsg-4ubuntu6.7\n qemu-system-aarch64 2.1+dfsg-4ubuntu6.7\n qemu-system-arm 2.1+dfsg-4ubuntu6.7\n qemu-system-mips 2.1+dfsg-4ubuntu6.7\n qemu-system-misc 2.1+dfsg-4ubuntu6.7\n qemu-system-ppc 2.1+dfsg-4ubuntu6.7\n qemu-system-sparc 2.1+dfsg-4ubuntu6.7\n qemu-system-x86 2.1+dfsg-4ubuntu6.7\n\nUbuntu 14.04 LTS:\n qemu-system 2.0.0+dfsg-2ubuntu1.13\n qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.13\n qemu-system-arm 2.0.0+dfsg-2ubuntu1.13\n qemu-system-mips 2.0.0+dfsg-2ubuntu1.13\n qemu-system-misc 2.0.0+dfsg-2ubuntu1.13\n qemu-system-ppc 2.0.0+dfsg-2ubuntu1.13\n qemu-system-sparc 2.0.0+dfsg-2ubuntu1.13\n qemu-system-x86 2.0.0+dfsg-2ubuntu1.13\n\nUbuntu 12.04 LTS:\n qemu-kvm 1.0+noroms-0ubuntu14.23\n\nAfter a standard system update you need to restart all QEMU virtual\nmachines to make all the necessary changes. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "BID",
"id": "75123"
},
{
"db": "VULHUB",
"id": "VHN-81170"
},
{
"db": "PACKETSTORM",
"id": "132242"
},
{
"db": "PACKETSTORM",
"id": "132289"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "132241"
},
{
"db": "PACKETSTORM",
"id": "132251"
},
{
"db": "PACKETSTORM",
"id": "134165"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3209",
"trust": 3.4
},
{
"db": "BID",
"id": "75123",
"trust": 2.0
},
{
"db": "JUNIPER",
"id": "JSA10783",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1032545",
"trust": 1.1
},
{
"db": "JUNIPER",
"id": "JSA10698",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-03820",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "134165",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132289",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132242",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132241",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132251",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "132290",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132240",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132447",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201506-282",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-81170",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136587",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "VULHUB",
"id": "VHN-81170"
},
{
"db": "BID",
"id": "75123"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "PACKETSTORM",
"id": "132242"
},
{
"db": "PACKETSTORM",
"id": "132289"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "132241"
},
{
"db": "PACKETSTORM",
"id": "132251"
},
{
"db": "PACKETSTORM",
"id": "134165"
},
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"id": "VAR-201506-0038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "VULHUB",
"id": "VHN-81170"
}
],
"trust": 1.25138886
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
}
]
},
"last_update_date": "2024-07-23T22:10:25.193000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://wiki.qemu.org/main_page"
},
{
"title": "JSA10698",
"trust": 0.8,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"title": "XSA-135",
"trust": 0.8,
"url": "http://xenbits.xen.org/xsa/advisory-135.html"
},
{
"title": "Xen QEMU PCNET Controller Heap Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/59683"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://xenbits.xen.org/xsa/advisory-135.html"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1087.html"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1089.html"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3209"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1088.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2630-1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032545"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75123"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3284"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3285"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2015/dsa-3286"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160669.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160685.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160677.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1189.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00014.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"trust": 1.1,
"url": "https://kb.juniper.net/jsa10783"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10698"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3209"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3209"
},
{
"trust": 0.3,
"url": "https://www.mail-archive.com/qemu-devel@nongnu.org/msg302403.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1225882"
},
{
"trust": 0.3,
"url": "http://wiki.qemu.org/main_page"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10783\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101011972"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3209"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4037"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4103"
},
{
"trust": 0.2,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4106"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4104"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4105"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10698"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4105"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6030"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8551"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4538"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8552"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6036"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7814"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4106"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3495"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2151"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7972"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4538"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6035"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3495"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3494"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6032"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4537"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6035"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6032"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6030"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3497"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3494"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2151"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-6033"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8554"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6034"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4164"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4103"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3496"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4104"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3496"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2271"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7812"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu/2.1+dfsg-4ubuntu6.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu14.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.2"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3214"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5158"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "VULHUB",
"id": "VHN-81170"
},
{
"db": "BID",
"id": "75123"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "PACKETSTORM",
"id": "132242"
},
{
"db": "PACKETSTORM",
"id": "132289"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "132241"
},
{
"db": "PACKETSTORM",
"id": "132251"
},
{
"db": "PACKETSTORM",
"id": "134165"
},
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"db": "VULHUB",
"id": "VHN-81170"
},
{
"db": "BID",
"id": "75123"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"db": "PACKETSTORM",
"id": "132242"
},
{
"db": "PACKETSTORM",
"id": "132289"
},
{
"db": "PACKETSTORM",
"id": "136587"
},
{
"db": "PACKETSTORM",
"id": "132241"
},
{
"db": "PACKETSTORM",
"id": "132251"
},
{
"db": "PACKETSTORM",
"id": "134165"
},
{
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"date": "2015-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-81170"
},
{
"date": "2015-06-10T00:00:00",
"db": "BID",
"id": "75123"
},
{
"date": "2015-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"date": "2015-06-10T23:39:22",
"db": "PACKETSTORM",
"id": "132242"
},
{
"date": "2015-06-15T15:43:00",
"db": "PACKETSTORM",
"id": "132289"
},
{
"date": "2016-04-06T13:30:13",
"db": "PACKETSTORM",
"id": "136587"
},
{
"date": "2015-06-10T23:39:14",
"db": "PACKETSTORM",
"id": "132241"
},
{
"date": "2015-06-10T23:41:07",
"db": "PACKETSTORM",
"id": "132251"
},
{
"date": "2015-11-02T16:49:11",
"db": "PACKETSTORM",
"id": "134165"
},
{
"date": "2015-06-15T15:59:00.070000",
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03820"
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-81170"
},
{
"date": "2017-04-18T00:05:00",
"db": "BID",
"id": "75123"
},
{
"date": "2015-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003134"
},
{
"date": "2023-02-13T00:48:06.167000",
"db": "NVD",
"id": "CVE-2015-3209"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "75123"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "QEMU of PCNET Controller heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "75123"
}
],
"trust": 0.3
}
}