
CVSS: 6.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

04 Jun 2020 — rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the... • https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e423455c4f23a1a828901c78fe6d03b7dde79319 • CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

04 Jun 2020 — hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 5.... • https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html • CWE-125: Out-of-bounds Read

CVSS: 6.0 | EPSS: 0% | CPEs: 5 | EXPL: 0

04 Jun 2020 — ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled r... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-674: Uncontrolled Recursion

CVSS: 6.7 | EPSS: 0% | CPEs: 6 | EXPL: 0

02 Jun 2020 — hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. An out-of-bounds access flaw was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest sent addr... • http://www.openwall.com/lists/oss-security/2020/06/01/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 2.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

02 Jun 2020 — address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information.... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-476: NULL Pointer Dereference

CVSS: 3.2 | EPSS: 0% | CPEs: 8 | EXPL: 0

28 May 2020 — In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-125: Out-of-bounds Read

CVSS: 3.9 | EPSS: 0% | CPEs: 8 | EXPL: 0

28 May 2020 — In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. Zim... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

27 May 2020 — sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. Ziming Zhang and VictorV discovered that the QEMU SLiRP netw... • http://www.openwall.com/lists/oss-security/2020/05/27/2 • CWE-125: Out-of-bounds Read

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 May 2020 — A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702 • CWE-325: Missing Cryptographic Step

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

04 May 2020 — A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation in QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 • CWE-770: Allocation of Resources Without Limits or Throttling