CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3409
https://notcve.org/view.php?id=CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. Se detectó que el parche para CVE-2020-17380/CVE-2020-25085 era ineficaz, por lo que QEMU era vulnerable a problemas de acceso de lectura y escritura fuera de límites que se encontraban anteriormente en el código de emulación del controlador SDHCI. Este fallo permite a un invitado privilegiado malicioso bloquear el proceso QEMU en el host, resultando en una denegación de servicio o una posible ejecución de código. • https://bugzilla.redhat.com/show_bug.cgi?id=1928146 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0001 https://www.openwall.com/lists/oss-security/2021/03/09/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3392
https://notcve.org/view.php?id=CVE-2021-3392
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. Se encontró un fallo de uso de la memoria previamente liberada en el emulador MegaRAID de QEMU. • https://bugs.launchpad.net/qemu/+bug/1914236 https://bugzilla.redhat.com/show_bug.cgi?id=1924042 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210507-0001 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3416 – QEMU: net: Infinite loop in loopback mode may lead to stack overflow
https://notcve.org/view.php?id=CVE-2021-3416
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. Se encontró un posible desbordamiento de la pila por medio de un problema de bucle infinito en varios emuladores de NIC de QEMU en versiones hasta 5.2.0 incluyéndola. El problema ocurre en el modo loopback de una NIC en donde son omitidas las comprobaciones DMA reentrantes. • https://bugzilla.redhat.com/show_bug.cgi?id=1932827 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0002 https://www.openwall.com/lists/oss-security/2021/02/26/1 https://access.redhat.com/security/cve/CVE-2021-3416 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20263
https://notcve.org/view.php?id=CVE-2021-20263
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. Se encontró un fallo en el demonio del sistema de archivos compartidos virtio-fs (virtiofsd) de QEMU. La nueva opción "xattrmap" puede causar que el xattr "security.capability" en el invitado no caiga en la escritura del archivo, potencialmente conllevando a un ejecutable privilegiado modificado en el invitado. • https://bugzilla.redhat.com/show_bug.cgi?id=1933668 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0002 https://www.openwall.com/lists/oss-security/2021/03/08/1 • CWE-281: Improper Preservation of Permissions •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-20203
https://notcve.org/view.php?id=CVE-2021-20203
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de desbordamiento de enteros en el emulador de NIC vmxnet3 de QEMU para versiones hasta v5.2.0. Puede ocurrir si un invitado estaba suministrando valores no válidos para el tamaño de la cola rx/tx u otros parámetros de NIC. • https://bugs.launchpad.net/qemu/+bug/1913873 https://bugzilla.redhat.com/show_bug.cgi?id=1922441 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 • CWE-190: Integer Overflow or Wraparound •