
CVE-2024-8354 – Qemu-kvm: usb: assertion failure in usb_ep_get()
https://notcve.org/view.php?id=CVE-2024-8354
19 Sep 2024 — A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/usb/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-8354 • CWE-617: Reachable Assertion •

CVE-2024-6505 – Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
https://notcve.org/view.php?id=CVE-2024-6505
05 Jul 2024 — A flaw was found in the virtio-net device in QEMU. When the RSS feature is enabled on the virtio-net network card, the indirections_table data within RSS becomes guest-controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host. • https://access.redhat.com/security/cve/CVE-2024-6505 • CWE-125: Out-of-bounds Read •
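The bug class in CVE-2024-6505 is a guest-supplied table whose entries are used as array indices without being checked against the number of queues that actually exist. The following model is an added example, not QEMU's virtio-net code: the struct, the MAX_QUEUES/MAX_TABLE limits and the sample table are assumptions chosen to show the lookup, the one-time validation a device should perform when the guest installs the table, and the hardened lookup that refuses an unvalidated table.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_QUEUES 8          /* assumed number of receive queues in this model */
#define MAX_TABLE  128        /* assumed maximum indirection-table length */

/* Guest-supplied RSS configuration (model, not the virtio-net struct). */
struct rss_cfg {
    uint16_t n_queues;               /* queues the device actually exposes */
    uint16_t table_len;              /* valid entries in table[] */
    uint16_t table[MAX_TABLE];       /* each entry names a receive queue */
};

/* Per-queue state that a queue index is later used to address. */
static uint32_t queue_packets[MAX_QUEUES];

/* Buggy pattern: trust the table entry and hand it back as a queue index.
 * With n_queues == 4 and an entry of 40000 the caller would index
 * queue_packets[40000], far past the array. */
int rss_pick_queue_unchecked(const struct rss_cfg *c, uint32_t hash)
{
    return c->table[hash % c->table_len];
}

/* Validate the table once, when the guest installs it: every entry must
 * name a queue that exists. Returns 0 if valid, -1 otherwise. */
int rss_validate(const struct rss_cfg *c)
{
    if (c->table_len == 0 || c->table_len > MAX_TABLE) return -1;
    if (c->n_queues == 0 || c->n_queues > MAX_QUEUES) return -1;
    for (unsigned i = 0; i < c->table_len; i++) {
        if (c->table[i] >= c->n_queues) return -1;
    }
    return 0;
}

/* Hardened lookup: refuses an unvalidated table instead of indexing with it. */
int rss_pick_queue(const struct rss_cfg *c, uint32_t hash)
{
    if (rss_validate(c) != 0) return -1;
    return c->table[hash % c->table_len];
}

/* Constructed sample: a 4-queue device with one out-of-range entry. */
struct rss_cfg sample_bad_cfg(void)
{
    struct rss_cfg c = { .n_queues = 4, .table_len = 5, .table = { 0, 1, 2, 3, 40000 } };
    return c;
}

int main(void)
{
    struct rss_cfg c = sample_bad_cfg();
    printf("checked lookup: %d (table rejected)\n", rss_pick_queue(&c, 4));
    printf("unchecked lookup would index queue %d of %d\n",
           rss_pick_queue_unchecked(&c, 4), MAX_QUEUES);
    c.table[4] = 3;                      /* guest installs a sane entry */
    int q = rss_pick_queue(&c, 4);
    if (q >= 0) queue_packets[q]++;
    printf("after fix-up: queue %d, packets %u\n", q, queue_packets[q]);
    return 0;
}
```

The point of validating at install time rather than per packet is that the check runs once per guest write, and every later lookup can rely on the table being in range.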

CVE-2024-3567 – Qemu-kvm: net: assertion failure in update_sctp_checksum()
https://notcve.org/view.php?id=CVE-2024-3567
10 Apr 2024 — A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3567 • CWE-617: Reachable Assertion •

CVE-2024-24474 – Ubuntu Security Notice USN-6954-1
https://notcve.org/view.php?id=CVE-2024-24474
20 Feb 2024 — QEMU before 8.2.0 has an integer underflow, and a resultant buffer overflow, via a TI (Transfer Information) command when the expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. • https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
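The mechanism in CVE-2024-24474 is an unsigned subtraction (expected length minus bytes available in the FIFO) that wraps when the FIFO holds more than the request expects, and the wrapped value then drives a copy. The following is an added example and not the esp.c code: the struct, the FIFO depth and the sample transfer are assumptions chosen to show the wrap beside a copy that clamps to min(expected, available).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FIFO_SIZE 16    /* assumed FIFO depth for this model */

/* State for one non-DMA transfer (model, not the ESPState struct). */
struct nodma_xfer {
    uint8_t fifo[FIFO_SIZE];
    size_t  fifo_len;        /* bytes the guest has pushed into the FIFO */
    size_t  async_len;       /* bytes the pending request still expects */
    uint8_t *dst;            /* request buffer being filled */
    size_t  dst_len;         /* capacity of dst */
};

/* Buggy pattern: the remaining length is reduced by the FIFO contents
 * without first checking that the FIFO does not hold more than is expected.
 * size_t is unsigned, so 4 - 8 wraps to SIZE_MAX - 3, and a copy driven by
 * that value runs far past the destination buffer. */
size_t buggy_remaining(size_t async_len, size_t fifo_len)
{
    async_len -= fifo_len;
    return async_len;
}

/* Hardened: copy min(expected, available) so the subtraction can never go
 * below zero. Returns the number of bytes consumed, or -1 if the request
 * buffer cannot hold them. */
int nodma_copy(struct nodma_xfer *x)
{
    size_t len = x->fifo_len < x->async_len ? x->fifo_len : x->async_len;
    if (len > x->dst_len) return -1;
    memcpy(x->dst, x->fifo, len);
    x->async_len -= len;                                 /* len <= async_len, no wrap */
    memmove(x->fifo, x->fifo + len, x->fifo_len - len);  /* drop consumed bytes */
    x->fifo_len -= len;
    return (int)len;
}

/* Constructed sample: the guest pushes 8 bytes but the request expects only 4. */
void sample_xfer(struct nodma_xfer *x, uint8_t *dst, size_t dst_len)
{
    memset(x, 0, sizeof(*x));
    memcpy(x->fifo, "ABCDEFGH", 8);
    x->fifo_len = 8;
    x->async_len = 4;
    x->dst = dst;
    x->dst_len = dst_len;
}

int main(void)
{
    uint8_t buf[4];
    struct nodma_xfer x;
    sample_xfer(&x, buf, sizeof buf);
    printf("buggy remaining length: %zu (wrapped)\n",
           buggy_remaining(x.async_len, x.fifo_len));
    int n = nodma_copy(&x);
    printf("hardened copy: %d bytes, %zu left in FIFO\n", n, x.fifo_len);
    return 0;
}
```

The same shape (length bookkeeping in an unsigned type, guest in control of one operand) is worth grepping for in any emulated device that moves bytes between a FIFO and a request buffer.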

CVE-2024-26327 – QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow
https://notcve.org/view.php?id=CVE-2024-26327
19 Feb 2024 — An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. A flaw was found in the SR/IOV emulation support of QEMU... • https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVE-2023-6683 – Qemu: vnc: null pointer dereference in qemu_clipboard_request()
https://notcve.org/view.php?id=CVE-2023-6683
12 Jan 2024 — A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service. • https://access.redhat.com/errata/RHSA-2024:2135 • CWE-476: NULL Pointer Dereference •

CVE-2023-6693 – Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
https://notcve.org/view.php?id=CVE-2023-6693
02 Jan 2024 — A stack-based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if the guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. • https://access.redhat.com/errata/RHSA-2024:2962 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-5088 – Qemu: improper ide controller reset can lead to mbr overwrite
https://notcve.org/view.php?id=CVE-2023-5088
03 Nov 2023 — A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. • https://access.redhat.com/errata/RHSA-2024:2135 • CWE-662: Improper Synchronization CWE-821: Incorrect Synchronization •

CVE-2023-2680 – Dma reentrancy issue (incomplete fix for cve-2021-3750)
https://notcve.org/view.php?id=CVE-2023-2680
13 Sep 2023 — This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. • https://access.redhat.com/security/cve/CVE-2023-2680 • CWE-416: Use After Free •

CVE-2023-42467 – QEMU: am53c974: denial of service due to division by zero
https://notcve.org/view.php?id=CVE-2023-42467
11 Sep 2023 — QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. A denial of service vulnerability was found in the qemu ... • https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c • CWE-369: Divide By Zero •
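Why a block size of 256 divides by zero: the block layer counts in 512-byte sectors, and 256 / 512 is 0 in integer arithmetic, so any later division by (blocksize / 512) faults. The following is an added example, not QEMU's scsi-disk code: the sector-count function, the validation policy (non-zero, multiple of 512, power of two, within an assumed 512..32768 range) and the MODE SELECT model are assumptions chosen to show the zero divisor and the check that keeps a guest-supplied block descriptor from introducing it.

```c
#include <stdint.h>
#include <stdio.h>

#define SECTOR_SIZE   512      /* 512-byte units the block layer counts in */
#define MAX_BLOCKSIZE 32768    /* assumed upper bound for this model */

/* Derive a LUN's sector count from its byte length and logical block size.
 * blocksize / SECTOR_SIZE is 0 for a 256-byte block, so dividing by it
 * without a check faults. Returns -1 instead of dividing by zero. */
int64_t sectors_for(int64_t bytes, uint32_t blocksize)
{
    uint32_t per_block = blocksize / SECTOR_SIZE;
    if (per_block == 0) return -1;
    return (bytes / SECTOR_SIZE) / per_block;
}

/* Policy (assumed) that a MODE SELECT handler applies to a guest-supplied
 * block descriptor before storing it: non-zero, a whole multiple of 512,
 * a power of two, and within the device's supported range. */
int blocksize_is_valid(uint32_t bs)
{
    if (bs < SECTOR_SIZE || bs > MAX_BLOCKSIZE) return 0;
    if (bs % SECTOR_SIZE != 0) return 0;
    return (bs & (bs - 1)) == 0;
}

/* Model of the MODE SELECT path: accept the requested size only if valid.
 * Returns the block size now in effect. */
uint32_t mode_select_blocksize(uint32_t current, uint32_t requested)
{
    return blocksize_is_valid(requested) ? requested : current;
}

int main(void)
{
    int64_t disk_bytes = 64LL * 1024 * 1024;   /* constructed 64 MiB disk */
    uint32_t bs = 512;
    bs = mode_select_blocksize(bs, 256);       /* rejected, stays 512 */
    printf("block size %u, sectors %lld\n", bs, (long long)sectors_for(disk_bytes, bs));
    printf("raw 256-byte request: %lld (refused)\n", (long long)sectors_for(disk_bytes, 256));
    return 0;
}
```

Rejecting the descriptor at MODE SELECT time is the right place for the check: the reset path that does the division runs later and has no sensible way to report an error back to the guest.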