CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11947 – QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure
https://notcve.org/view.php?id=CVE-2020-11947
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. La función iscsi_aio_ioctl_cb en el archivo block/iscsi.c en QEMU 4.1.0, presenta una lectura excesiva del búfer en la región heap de la memoria que puede revelar información no relacionada de la memoria del proceso a un atacante. A heap buffer overflow flaw was found in the iSCSI support of QEMU. This flaw could lead to an out-of-bounds read access and possible information disclosure from the QEMU process memory to a malicious guest. The highest threat from this vulnerability is to data confidentiality. • http://www.openwall.com/lists/oss-security/2021/01/13/4 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 https://security.netapp.com/advisory/ntap-20210212-0001 https://access.redhat.com/security/cve/CVE-2020-11947 https://bugzilla.redhat.com/show_bug.cgi?id=1912765 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. Se encontró uno fallo en la API de administración de memoria de QEMU durante la inicialización de una caché de región de memoria. • http://www.openwall.com/lists/oss-security/2020/12/16/6 https://bugzilla.redhat.com/show_bug.cgi?id=1902651 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210115-0006 https://access.redhat.com/security/cve/CVE-2020-27821 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-28916 – QEMU: e1000e: infinite loop scenario in case of null packet descriptor
https://notcve.org/view.php?id=CVE-2020-28916
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. El archivo hw/net/e1000e_core.c en QEMU versión 5.0.0, presenta un bucle infinito por medio de un descriptor RX con una dirección de búfer NULL An infinite loop flaw was found in the e1000e device emulator in QEMU. This issue could occur while receiving packets via the e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has a NULL buffer address. This flaw allows a privileged guest user to cause a denial of service. The highest threat from this vulnerability is to system availability. • http://www.openwall.com/lists/oss-security/2020/12/01/2 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html https://access.redhat.com/security/cve/CVE-2020-28916 https://bugzilla.redhat.com/show_bug.cgi?id=1903064 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17380
https://notcve.org/view.php?id=CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Se encontró un desbordamiento del búfer en la región heap de la memoria en QEMU versiones hasta 5.0.0, en el soporte de emulación de dispositivo SDHCI. Podría ocurrir mientras se realiza una transferencia SDMA de bloques múltiples por medio de la rutina sdhci_sdma_transfer_multi_blocks() en el archivo hw/sd/sdhci.c. • http://www.openwall.com/lists/oss-security/2021/03/09/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862167 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html https://security.netapp.com/advisory/ntap-20210312-0003 • CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25723 – QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
https://notcve.org/view.php?id=CVE-2020-25723
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de aserción alcanzable en el código de emulación USB EHCI de QEMU. Podría ocurrir mientras se procesan las peticiones USB debido a una falta de manejo del fallo del mapa de memoria DMA. • http://www.openwall.com/lists/oss-security/2020/12/22/1 https://bugzilla.redhat.com/show_bug.cgi?id=1898579 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20201218-0004 https://access.redhat.com/security/cve/CVE-2020-25723 • CWE-617: Reachable Assertion •