Page 14 of 405 results (0.011 seconds)

CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de desbordamiento de enteros en el emulador de NIC vmxnet3 de QEMU para versiones hasta v5.2.0. Puede ocurrir si un invitado estaba suministrando valores no válidos para el tamaño de la cola rx/tx u otros parámetros de NIC. • https://bugs.launchpad.net/qemu/+bug/1913873 https://bugzilla.redhat.com/show_bug.cgi?id=1922441 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Se encontró un fallo de condición de carrera en la implementación del servidor 9pfs de QEMU versiones hasta 5.2.0 incluyéndola. Este fallo permite a un cliente 9p malicioso causar un error de uso de la memoria previamente liberada, escalando potencialmente sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210720-0009 https://www.zerodayinitiative.com/advisories/ZDI-21-159 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. Se encontró un fallo en qemu. Se encontró un problema de escalada de privilegios del host en el demonio del sistema de archivos compartidos virtio-fs, donde un usuario invitado privilegiado puede crear un archivo especial de dispositivo en el directorio compartido y usarlo para dispositivos host de acceso de r/w A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. • https://bugzilla.redhat.com/show_bug.cgi?id=1915823 https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210312-0002 https://www.openwall.com/lists/oss-security/2021/01/22/1 https://access.redhat.com/security/cve/CVE-2020-35517 • CWE-269: Improper Privilege Management •

CVSS: 3.9EPSS: 0%CPEs: 3EXPL: 0

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. La función ide_atapi_cmd_reply_end en el archivo hw/ide/atapi.c, en QEMU versión 5.1.0, permite un acceso de lectura fuera de límites porque un índice de búfer no está comprobado An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address(LBA) is set to an invalid value. A guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service. • http://www.openwall.com/lists/oss-security/2021/01/18/2 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg04685.html https://security.netapp.com/advisory/ntap-20210304-0003 https://access.redhat.com/security/cve/CVE-2020-29443 https://bugzilla.redhat.com/show_bug.cgi?id=1917446 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. En QEMU versión 4.1.0, se encontró un fallo de lectura fuera de límites en la implementación VGA de ATI. Ocurre en la rutina ati_cursor_define() mientras maneja las operaciones de escritura MMIO mediante la devolución de llamada de ati_mm_write(). • https://bugzilla.redhat.com/show_bug.cgi?id=1841136 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 https://security.netapp.com/advisory/ntap-20210205-0003 • CWE-125: Out-of-bounds Read •