
CVSS: 2.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

02 Jun 2020 — address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information.... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-476: NULL Pointer Dereference •

CVSS: 3.2 • EPSS: 0% • CPEs: 8 • EXPL: 0

28 May 2020 — In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-125: Out-of-bounds Read •

CVSS: 3.9 • EPSS: 0% • CPEs: 8 • EXPL: 0

28 May 2020 — In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. Zim... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-787: Out-of-bounds Write •

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

27 May 2020 — sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. Ziming Zhang and VictorV discovered that the QEMU SLiRP netw... • http://www.openwall.com/lists/oss-security/2020/05/27/2 • CWE-125: Out-of-bounds Read •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 May 2020 — A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702 • CWE-325: Missing Cryptographic Step •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 May 2020 — A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Apr 2020 — An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. ... • http://www.openwall.com/lists/oss-security/2020/04/24/2 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Apr 2020 — hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r5 are... • http://www.openwall.com/lists/oss-security/2020/04/06/1 • CWE-787: Out-of-bounds Write •

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Mar 2020 — hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. It was discovered that QEMU incorrectly handled bochs-display devices. A local attacker in a guest could use ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 3.5 • EPSS: 0% • CPEs: 8 • EXPL: 0

05 Mar 2020 — QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html • CWE-401: Missing Release of Memory after Effective Lifetime • CWE-772: Missing Release of Resource after Effective Lifetime •