CVE-2018-7858 – QEMU: cirrus: OOB access when updating VGA display
https://notcve.org/view.php?id=CVE-2018-7858
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. Quick Emulator (también conocido como QEMU), cuando se integra con soporte para Cirrus CLGD 54xx VGA Emulator, permite que usuarios privilegiados locales, invitados del sistema operativo, provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado del proceso QEMU) aprovechando los cálculos de región incorrectos al actualizar la pantalla VGA. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.openwall.com/lists/oss-security/2018/03/09/1 http://www.securityfocus.com/bid/103350 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:1416 https://access.redhat.com/errata/RHSA-2018:2162 https://bugzilla.redhat.com/show_bug.cgi?id=1553402 https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html https://usn.ubuntu.com/3649-1 ht • CWE-125: Out-of-bounds Read •
CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. • http://www.securityfocus.com/bid/103181 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:2462 https://bugzilla.redhat.com/show_bug.cgi?id=1549798 https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https: • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2017-15119 – qemu: DoS via large option request
https://notcve.org/view.php?id=CVE-2017-15119
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. El servidor Network Block Device (NBD) en Quick Emulator (QEMU) en versiones anteriores a la 2.11 es vulnerable a un problema de denegación de servicio (DoS). Esto puede ocurrir si un cliente envía grandes peticiones de opciones, haciendo que el servidor pierda tiempo de CPU al leer hasta 4GB por petición. • http://www.openwall.com/lists/oss-security/2017/11/28/9 http://www.securityfocus.com/bid/102011 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119 https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15119 https:/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-18043
https://notcve.org/view.php?id=CVE-2017-18043
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). Desbordamiento de enteros en la macro ROUND_UP (n, d) en Quick Emulator (Qemu) permite que un usuario provoque una denegación de servicio (cierre inesperado del proceso Qemu) • http://www.openwall.com/lists/oss-security/2018/01/19/1 http://www.securityfocus.com/bid/102759 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-190: Integer Overflow or Wraparound •
CVE-2017-18030
https://notcve.org/view.php?id=CVE-2017-18030
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. La función cirrus_invalidate_region en hw/display/cirrus_vga.c en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso al array fuera de límites y cierre inesperado del proceso Qemu) mediante vectores relacionados con un paso negativo. • http://www.openwall.com/lists/oss-security/2018/01/15/3 http://www.securityfocus.com/bid/102520 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html • CWE-125: Out-of-bounds Read •