CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25624
https://notcve.org/view.php?id=CVE-2020-25624
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. El archivo hw/usb/hcd-ohci.c en QEMU versión 5.0.0, presenta una lectura excesiva del búfer en la región stack de la memoria por medio de valores obtenidos desde el driver del controlador de host • https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html https://security.netapp.com/advisory/ntap-20201210-0005 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27617 – QEMU: net: an assert failure via eth_get_gso_type
https://notcve.org/view.php?id=CVE-2020-27617
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. La función eth_get_gso_type en el archivo net/eth.c en QEMU versión 4.2.1, permite a usuarios de OS invitados desencadenar un error de aserción. Un invitado puede bloquear el proceso de QEMU por medio de paquetes de datos que carecen de un protocolo de Capa 3 válido An assert(3) failure flaw was found in the networking helper functions of QEMU. This vulnerability can occur in the eth_get_gso_type() routine if a packet does not have a valid networking L3 protocol (ex. • http://www.openwall.com/lists/oss-security/2020/11/02/1 https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html https://security.netapp.com/advisory/ntap-20201202-0002 https://access.redhat.com/security/cve/CVE-2020-27617 https://bugzilla.redhat.com/show_bug.cgi?id=1891668 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27616
https://notcve.org/view.php?id=CVE-2020-27616
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. La función ati_2d_blt en el archivo hw/display/ati_2d.c en QEMU versión 4.2.1, puede encontrar una situación fuera de límites en un cálculo. Un invitado puede bloquear el proceso QEMU • http://www.openwall.com/lists/oss-security/2020/11/03/2 https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html https://security.netapp.com/advisory/ntap-20201202-0002 • CWE-682: Incorrect Calculation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24352
https://notcve.org/view.php?id=CVE-2020-24352
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se detectó un problema en QEMU versiones hasta 5.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1847584 https://git.qemu.org/?p=qemu.git https://security.netapp.com/advisory/ntap-20201123-0003 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25742
https://notcve.org/view.php?id=CVE-2020-25742
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. La función pci_change_irq_level en el archivo hw/pci/pci.c en QEMU versiones anteriores a 5.1.1, presenta una desreferencia de puntero NULL porque la función pci_get_bus() podría no devolver un puntero válido • http://www.openwall.com/lists/oss-security/2020/09/29/1 https://bugzilla.redhat.com/show_bug.cgi?id=1883178 https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 • CWE-476: NULL Pointer Dereference •