Page 12 of 312 results (0.016 seconds)

CVSS: 3.8EPSS: 0%CPEs: 7EXPL: 0

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. En QEMU versiones hasta 5.0.0, puede ocurrir un fallo de aserción en el procesamiento de paquetes de red. Este problema afecta a los dispositivos de red e1000e y vmxnet3. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html http://www.openwall.com/lists/oss-security/2020/08/10/1 https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg07563.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20200821-0006 https://usn.ubuntu.com/4467-1 https://www.debian.org/security/2020/dsa-4760 https://access.redhat.com/s • CWE-617: Reachable Assertion •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. El archivo hw/net/xgmac.c en el controlador Ethernet XGMAC en QEMU antes del 20/07/2020, presenta un desbordamiento de búfer. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html http://www.openwall.com/lists/oss-security/2020/07/22/1 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=5519724a13664b43e225ca05351c60b4468e4555 https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg03497.html https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05745.html https://security.gentoo.org/glsa/202208-27 https://usn.ubuntu.com/4467-1 https://www.debian.org/security/2020/dsa-47 • CWE-787: Out-of-bounds Write •

CVSS: 2.3EPSS: 0%CPEs: 3EXPL: 0

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. En QEMU versión 4.2.0, un objeto MemoryRegionOps puede carecer de métodos de devolución de llamada de lectura y escritura, conllevando a una desreferencia del puntero NULL • http://www.openwall.com/lists/oss-security/2020/07/02/1 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Se encontró un problema de fallo de aserción en el Network Block Device (NBD) en todas las versiones de QEMU anteriores a QEMU versión 5.0.1. Este fallo ocurre cuando un cliente nbd envía una petición que cumple con las especificaciones que está cerca del límite de la longitud máxima permitida de la petición. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10761 https://security.gentoo.org/glsa/202011-09 https://security.netapp.com/advisory/ntap-20200731-0001 https://usn.ubuntu.com/4467-1 https://www.openwall.com/lists/oss-security/2020/06/09/1 • CWE-617: Reachable Assertion •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. El archivo hw/pci/pci.c en QEMU versión 4.2.0, permite a usuarios invitados del Sistema Operativo desencadenar un acceso fuera de límites al proporcionar una dirección cerca del final del espacio de configuración de PCI • https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html https://security.gentoo.org/glsa/202011-09 https://security.netapp.com/advisory/ntap-20200717-0001 https://www.openwall.com/lists/oss-security/2020/06/04/1 • CWE-125: Out-of-bounds Read •