CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-20808
https://notcve.org/view.php?id=CVE-2019-20808
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. En QEMU versión 4.1.0, se encontró un fallo de lectura fuera de límites en la implementación VGA de ATI. Ocurre en la rutina ati_cursor_define() mientras maneja las operaciones de escritura MMIO mediante la devolución de llamada de ati_mm_write(). • https://bugzilla.redhat.com/show_bug.cgi?id=1841136 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 https://security.netapp.com/advisory/ntap-20210205-0003 • CWE-125: Out-of-bounds Read •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11947 – QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure
https://notcve.org/view.php?id=CVE-2020-11947
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. La función iscsi_aio_ioctl_cb en el archivo block/iscsi.c en QEMU 4.1.0, presenta una lectura excesiva del búfer en la región heap de la memoria que puede revelar información no relacionada de la memoria del proceso a un atacante. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest. The highest threat from this vulnerability is to data confidentiality. • http://www.openwall.com/lists/oss-security/2021/01/13/4 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 https://security.netapp.com/advisory/ntap-20210212-0001 https://access.redhat.com/security/cve/CVE-2020-11947 https://bugzilla.redhat.com/show_bug.cgi?id=1912765 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. Se encontró uno fallo en la API de administración de memoria de QEMU durante la inicialización de una caché de región de memoria. • http://www.openwall.com/lists/oss-security/2020/12/16/6 https://bugzilla.redhat.com/show_bug.cgi?id=1902651 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210115-0006 https://access.redhat.com/security/cve/CVE-2020-27821 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17380
https://notcve.org/view.php?id=CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Se encontró un desbordamiento del búfer en la región heap de la memoria en QEMU versiones hasta 5.0.0, en el soporte de emulación de dispositivo SDHCI. Podría ocurrir mientras se realiza una transferencia SDMA de bloques múltiples por medio de la rutina sdhci_sdma_transfer_multi_blocks() en el archivo hw/sd/sdhci.c. • http://www.openwall.com/lists/oss-security/2021/03/09/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862167 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html https://security.netapp.com/advisory/ntap-20210312-0003 • CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25723 – QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
https://notcve.org/view.php?id=CVE-2020-25723
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de aserción alcanzable en el código de emulación USB EHCI de QEMU. Podría ocurrir mientras se procesan las peticiones USB debido a una falta de manejo del fallo del mapa de memoria DMA. • http://www.openwall.com/lists/oss-security/2020/12/22/1 https://bugzilla.redhat.com/show_bug.cgi?id=1898579 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20201218-0004 https://access.redhat.com/security/cve/CVE-2020-25723 • CWE-617: Reachable Assertion •