Page 10 of 91 results (0.009 seconds)

CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. Se detectó que el parche para CVE-2020-17380/CVE-2020-25085 era ineficaz, por lo que QEMU era vulnerable a problemas de acceso de lectura y escritura fuera de límites que se encontraban anteriormente en el código de emulación del controlador SDHCI. Este fallo permite a un invitado privilegiado malicioso bloquear el proceso QEMU en el host, resultando en una denegación de servicio o una posible ejecución de código. • https://bugzilla.redhat.com/show_bug.cgi?id=1928146 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0001 https://www.openwall.com/lists/oss-security/2021/03/09/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. Se encontró un fallo de uso de la memoria previamente liberada en el emulador MegaRAID de QEMU. • https://bugs.launchpad.net/qemu/+bug/1914236 https://bugzilla.redhat.com/show_bug.cgi?id=1924042 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210507-0001 • CWE-416: Use After Free •

CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. Se encontró un posible desbordamiento de la pila por medio de un problema de bucle infinito en varios emuladores de NIC de QEMU en versiones hasta 5.2.0 incluyéndola. El problema ocurre en el modo loopback de una NIC en donde son omitidas las comprobaciones DMA reentrantes. • https://bugzilla.redhat.com/show_bug.cgi?id=1932827 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0002 https://www.openwall.com/lists/oss-security/2021/02/26/1 https://access.redhat.com/security/cve/CVE-2021-3416 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de desbordamiento de enteros en el emulador de NIC vmxnet3 de QEMU para versiones hasta v5.2.0. Puede ocurrir si un invitado estaba suministrando valores no válidos para el tamaño de la cola rx/tx u otros parámetros de NIC. • https://bugs.launchpad.net/qemu/+bug/1913873 https://bugzilla.redhat.com/show_bug.cgi?id=1922441 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Se encontró un fallo de condición de carrera en la implementación del servidor 9pfs de QEMU versiones hasta 5.2.0 incluyéndola. Este fallo permite a un cliente 9p malicioso causar un error de uso de la memoria previamente liberada, escalando potencialmente sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210720-0009 https://www.zerodayinitiative.com/advisories/ZDI-21-159 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •