CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-20815 – QEMU: device_tree: heap buffer overflow while loading device tree blob
https://notcve.org/view.php?id=CVE-2018-20815
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. En QEMU versión 3.1.0, la función load_device_tree en el archivo device_tree.c llama a la función en desuso load_image, que tiene un riesgo de desbordamiento de búfer. A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. • https://access.redhat.com/errata/RHSA-2019:1667 https://access.redhat.com/errata/RHSA-2019:1723 https://access.redhat.com/errata/RHSA-2019:1743 https://access.redhat.com/errata/RHSA-2019:1881 https://access.redhat.com/errata/RHSA-2019:1968 https://access.redhat.com/errata/RHSA-2019:2507 https://access.redhat.com/errata/RHSA-2019:2553 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17 https://lists.fedoraproject.org/archives/list/package-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2019-5008
https://notcve.org/view.php?id=CVE-2019-5008
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. El archivo hw/sparc64/sun4u.c en QEMU versión 3.1.50, es vulnerable a una desreferencia del puntero NULL, lo que permite al atacante provocar una Denegación de Servicio (DoS) por medio de un controlador de dispositivo. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html http://www.securityfocus.com/bid/108024 https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008 https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL https:/ • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8934
https://notcve.org/view.php?id=CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. hw/ppc/spapr.c en QEMU, hasta la versión 3.1.0, permite la exposición de información debido a que el hipervisor comparte los atributos del sistema en /proc/device-tree/system-id and /proc/device-tree/model con un invitado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html http://www.openwall.com/lists/oss-security/2019/02/21/1 http://www.securityfocus.com/bid/107115 https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html https://security.netapp.com/advisory/ntap-20190411-0006 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. En QEMU 3.0.0, tcp_emu en slirp/tcp_subr.c tiene un desbordamiento de búfer basado en memoria dinámica (heap). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2019/01/24/5 http://www.securityfocus.com/bid/106758 https://access.redhat.com& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-6501 – QEMU: scsi-generic: possible OOB access while handling inquiry request
https://notcve.org/view.php?id=CVE-2019-6501
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. En QEMU 3.1, scsi_handle_inquiry_reply en hw/scsi/scsi-generic.c permite operaciones de lectura y escritura fuera de límites. • http://www.openwall.com/lists/oss-security/2019/01/24/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7 https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html https://security.netapp.com/advisory/ntap-20190411-0006 https://access.redhat.com/security/cve/CVE& • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •