CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13253
https://notcve.org/view.php?id=CVE-2020-13253
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. En la función sd_wp_addr en el archivo hw/sd/sd.c en QEMU versión 4.2.0, utiliza una dirección no comprobada, lo que conlleva a una lectura fuera de límites durante las operaciones sdhci_write(). Un usuario del Sistema Operativo invitado puede bloquear el proceso QEMU. • http://www.openwall.com/lists/oss-security/2020/05/27/2 https://bugzilla.redhat.com/show_bug.cgi?id=1838546 https://lists.debian.org/debian-lts-announce/2020/09/msg00013.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html https://security.gentoo.org/glsa/202011-09 https://usn.ubuntu.com/4467-1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10702
https://notcve.org/view.php?id=CVE-2020-10702
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. Se encontró un fallo en QEMU en la implementación del soporte Pointer Authentication (PAuth) para ARM introducido en la versión 4.0 y corregido en la versión 5.0.0. Un fallo general del proceso de generación de firmas causó que cada puntero aplicado por PAuth se firmara con la misma firma. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de0b1bae6461f67243282555475f88b2384a1eb9 https://security.netapp.com/advisory/ntap-20200724-0007 • CWE-325: Missing Cryptographic Step •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11869
https://notcve.org/view.php?id=CVE-2020-11869
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. Se encontró un desbordamiento de enteros en QEMU versiones 4.0.1 hasta 4.2.0, en la manera en que implementó la emulación ATI VGA. Este error se produce en la rutina ati_2d_blt() en el archivo hw/display/ati-2d.c mientras se manejan operaciones de escritura MMIO por medio de la devolución de llamada de ati_mm_write(). • http://www.openwall.com/lists/oss-security/2020/04/24/2 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 https://usn.ubuntu.com/4372-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15034
https://notcve.org/view.php?id=CVE-2019-15034
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. El archivo hw/display/bochs-display.c en QEMU versión 4.0.0, no garantiza una asignación suficiente de espacio de configuración PCI, conllevando a un desbordamiento del búfer que involucra el espacio de configuración extendido PCIe. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html https://usn.ubuntu.com/4372-1 https://www.debian.org/security/2020/dsa-4665 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-20382 – QEMU: vnc: memory leakage upon disconnect
https://notcve.org/view.php?id=CVE-2019-20382
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. QEMU versión 4.1.0, presenta una pérdida de memoria en la función zrle_compress_data en el archivo ui/vnc-enc-zrle.c durante una operación de desconexión de VNC porque libz es usada inapropiadamente, resultando en una situación donde la memoria asignada en deflateInit2 no es liberada en deflateEnd. A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2020/03/05/1 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html https://usn.ubuntu.com/4372-1 https://www.debian.org/security/2020/dsa-4665 https://access.redhat.com/security/cve/CVE-2019-20382 https://bugzilla.redhat.com/show_bug.cgi?id=1810390 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •