CVE-2021-20257 – QEMU: net: e1000: infinite loop while processing transmit descriptors
https://notcve.org/view.php?id=CVE-2021-20257
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1930087 https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220425-0003 https://www.openwall.com/lists/oss-security/2021/02/25/2 https://access.redhat.com/security/cve/CVE-2021-20257 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-27661
https://notcve.org/view.php?id=CVE-2020-27661
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de división por cero en la función dwc2_handle_packet en el archivo hw/usb/hcd-dwc2.c en la emulación del controlador de host USB hcd-dwc2 de QEMU. Un huésped malicioso podría utilizar este fallo para bloquear el proceso de QEMU en el host, resultando en una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1890653 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03 https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html https://security.netapp.com/advisory/ntap-20210720-0010 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html • CWE-369: Divide By Zero •
CVE-2019-12067
https://notcve.org/view.php?id=CVE-2019-12067
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. La función ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegación de servicio (derivación de NULL) cuando el encabezado del comando "ad-)cur_cmd" es null • https://bugzilla.suse.com/show_bug.cgi?id=1145642 https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html https://security-tracker.debian.org/tracker/CVE-2019-12067 https://security.netapp.com/advisory/ntap-20210727-0001 • CWE-476: NULL Pointer Dereference •
CVE-2021-3546
https://notcve.org/view.php?id=CVE-2021-3546
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. Se ha encontrado una vulnerabilidad de escritura fuera de límites en el dispositivo GPU virtio vhost-user (vhost-user-gpu) de QEMU en las versiones hasta la 6.0 inclusive. El fallo se produce al procesar el comando 'VIRTIO_GPU_CMD_GET_CAPSET' del huésped. • http://www.openwall.com/lists/oss-security/2021/05/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=1958978 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210720-0008 https://www.debian.org/security/2021/dsa-4980 • CWE-787: Out-of-bounds Write •
CVE-2021-3545
https://notcve.org/view.php?id=CVE-2021-3545
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. Se ha encontrado una vulnerabilidad de divulgación de información en el dispositivo GPU virtio vhost-user (vhost-user-gpu) de QEMU en las versiones hasta 6.0 incluyéndola. El fallo se presenta en la función virgl_cmd_get_capset_info() en el archivo contrib/vhost-user-gpu/virgl.c y podría ocurrir debido a una lectura de memoria no inicializada. • http://www.openwall.com/lists/oss-security/2021/05/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=1958955 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210720-0008 https://www.debian.org/security/2021/dsa-4980 • CWE-908: Use of Uninitialized Resource •