CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8909 – Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
https://notcve.org/view.php?id=CVE-2016-8909
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. La función intel_hda_xfer en hw/audio/intel-hda.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una entrada con el mismo valor para la longitud del búfer y posición del puntero. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/24/1 http://www.openwall.com/lists/oss-security/2016/10/24/4 http://www.securityfocus.com/bid/93842 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html https://security. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8910 – Qemu: net: rtl8139: infinite loop while transmit in C+ mode
https://notcve.org/view.php?id=CVE-2016-8910
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. La función rtl8139_cplus_transmit en hw/net/rtl8139.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y consumo de CPU) aprovechando el fallo para limitar el recuento del descriptor del anillo. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/24/2 http://www.openwall.com/lists/oss-security/2016/10/24/5 http://www.securityfocus.com/bid/93844 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html https://security. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8669 – Qemu: char: divide by zero error in serial_update_parameters
https://notcve.org/view.php?id=CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. La función serial_update_parameters en hw/char/serial.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (error de división por cero y caída del proceso QEMU) a través de vectores que involucran un valor de divisor mayor que la base baud. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/14/9 http://www.openwall.com/lists/oss-security/2016/10/15/5 http://www.securityfocus.com/bid/93563 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:/&#x • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. • http://rhn.redhat.com/errata/RHSA-2016-2577.html http://www.openwall.com/lists/oss-security/2017/07/21/3 https://bugs.launchpad.net/ossn/+bug/1686743 https://bugzilla.redhat.com/show_bug.cgi?id=1245647 https://wiki.openstack.org/wiki/OSSN/OSSN-0079 https://access.redhat.com/security/cve/CVE-2015-5160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0CVE-2016-7422 – Qemu: virtio: null pointer dereference in virtqueu_map_desc
https://notcve.org/view.php?id=CVE-2016-7422
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. La función virtqueue_map_desc en hw/virtio/virtio.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (referencia a puntero NULL y caída del proceso QEMU) a través de un gran valor de longitud de búfer descriptor de I/O. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/09/16/10 http://www.openwall.com/lists/oss-security/2016/09/16/4 http://www.securityfocus.com/bid/92996 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html https:&# • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-476: NULL Pointer Dereference •