Page 13 of 391 results (0.016 seconds)

CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Se encontró un desbordamiento del búfer en la región heap de la memoria en QEMU versiones hasta 5.0.0, en el soporte de emulación de dispositivo SDHCI. Podría ocurrir mientras se realiza una transferencia SDMA de bloques múltiples por medio de la rutina sdhci_sdma_transfer_multi_blocks() en el archivo hw/sd/sdhci.c. • http://www.openwall.com/lists/oss-security/2021/03/09/1 https://bugzilla.redhat.com/show_bug.cgi?id=1862167 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html https://security.netapp.com/advisory/ntap-20210312-0003 • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. El archivo hw/usb/hcd-ohci.c en QEMU versión 5.0.0, presenta una lectura excesiva del búfer en la región stack de la memoria por medio de valores obtenidos desde el driver del controlador de host • https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html https://security.netapp.com/advisory/ntap-20201210-0005 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. La función eth_get_gso_type en el archivo net/eth.c en QEMU versión 4.2.1, permite a usuarios de OS invitados desencadenar un error de aserción. Un invitado puede bloquear el proceso de QEMU por medio de paquetes de datos que carecen de un protocolo de Capa 3 válido An assert(3) failure flaw was found in the networking helper functions of QEMU. This vulnerability can occur in the eth_get_gso_type() routine if a packet does not have a valid networking L3 protocol (ex. • http://www.openwall.com/lists/oss-security/2020/11/02/1 https://lists.debian.org/debian-lts-announce/2020/11/msg00047.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05731.html https://security.netapp.com/advisory/ntap-20201202-0002 https://access.redhat.com/security/cve/CVE-2020-27617 https://bugzilla.redhat.com/show_bug.cgi?id=1891668 • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. La función ati_2d_blt en el archivo hw/display/ati_2d.c en QEMU versión 4.2.1, puede encontrar una situación fuera de límites en un cálculo. Un invitado puede bloquear el proceso QEMU • http://www.openwall.com/lists/oss-security/2020/11/03/2 https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg05018.html https://security.netapp.com/advisory/ntap-20201202-0002 • CWE-682: Incorrect Calculation •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se detectó un problema en QEMU versiones hasta 5.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1847584 https://git.qemu.org/?p=qemu.git https://security.netapp.com/advisory/ntap-20201123-0003 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •