CVE-2021-3416 – QEMU: net: Infinite loop in loopback mode may lead to stack overflow
https://notcve.org/view.php?id=CVE-2021-3416
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.
• https://bugzilla.redhat.com/show_bug.cgi?id=1932827
• https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://security.gentoo.org/glsa/202208-27
• https://security.netapp.com/advisory/ntap-20210507-0002
• https://www.openwall.com/lists/oss-security/2021/02/26/1
• https://access.redhat.com/security/cve/CVE-2021-3416
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-20203
https://notcve.org/view.php?id=CVE-2021-20203
An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU for versions up to v5.2.0. It may occur if a guest were to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
• https://bugs.launchpad.net/qemu/+bug/1913873
• https://bugzilla.redhat.com/show_bug.cgi?id=1922441
• https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://security.gentoo.org/glsa/202208-27
• CWE-190: Integer Overflow or Wraparound
CVE-2021-20181 – QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-20181
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=1927007
• https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://security.netapp.com/advisory/ntap-20210720-0009
• https://www.zerodayinitiative.com/advisories/ZDI-21-159
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
• http://www.openwall.com/lists/oss-security/2020/12/16/6
• https://bugzilla.redhat.com/show_bug.cgi?id=1902651
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://security.netapp.com/advisory/ntap-20210115-0006
• https://access.redhat.com/security/cve/CVE-2020-27821
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2020-25723 – QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
https://notcve.org/view.php?id=CVE-2020-25723
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
• http://www.openwall.com/lists/oss-security/2020/12/22/1
• https://bugzilla.redhat.com/show_bug.cgi?id=1898579
• https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
• https://security.netapp.com/advisory/ntap-20201218-0004
• https://access.redhat.com/security/cve/CVE-2020-25723
• CWE-617: Reachable Assertion