CVE-2018-7550 – QEMU: i386: multiboot OOB access while loading kernel image
https://notcve.org/view.php?id=CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. La función load_multiboot en hw/i386/multiboot.c en Quick Emulator (también conocido como QEMU) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host QEMU mediante un valor mh_load_end_addr mayor que mh_bss_end_addr. Esto desencadena un acceso de lectura o escritura a la memoria fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. • http://www.securityfocus.com/bid/103181 https://access.redhat.com/errata/RHSA-2018:1369 https://access.redhat.com/errata/RHSA-2018:2462 https://bugzilla.redhat.com/show_bug.cgi?id=1549798 https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https: • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2017-15119 – qemu: DoS via large option request
https://notcve.org/view.php?id=CVE-2017-15119
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. El servidor Network Block Device (NBD) en Quick Emulator (QEMU) en versiones anteriores a la 2.11 es vulnerable a un problema de denegación de servicio (DoS). Esto puede ocurrir si un cliente envía grandes peticiones de opciones, haciendo que el servidor pierda tiempo de CPU al leer hasta 4GB por petición. • http://www.openwall.com/lists/oss-security/2017/11/28/9 http://www.securityfocus.com/bid/102011 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119 https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15119 https:/ • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-18043
https://notcve.org/view.php?id=CVE-2017-18043
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). Desbordamiento de enteros en la macro ROUND_UP (n, d) en Quick Emulator (Qemu) permite que un usuario provoque una denegación de servicio (cierre inesperado del proceso Qemu) • http://www.openwall.com/lists/oss-security/2018/01/19/1 http://www.securityfocus.com/bid/102759 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine
https://notcve.org/view.php?id=CVE-2018-5683
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/01/15/2 http://www.securityfocus.com/bid/102518 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:2162 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https:/ • CWE-125: Out-of-bounds Read •
CVE-2017-15124 – Qemu: memory exhaustion through framebuffer update request message in VNC server
https://notcve.org/view.php?id=CVE-2017-15124
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Se ha descubierto que la implementación del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignación de memoria sin enlazar, ya que no limitó las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. • http://www.securityfocus.com/bid/102295 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:3062 https://bugzilla.redhat.com/show_bug.cgi?id=1525195 https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15124 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •