
CVE-2023-3019 – Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
https://notcve.org/view.php?id=CVE-2023-3019
24 Jul 2023 — A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities. • https://access.redhat.com/errata/RHSA-2024:0135 • CWE-416: Use After Free •

CVE-2023-3354 – Improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service
https://notcve.org/view.php?id=CVE-2023-3354
11 Jul 2023 — A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. Gaoning Pan and Xingwei Li discovered that QEMU incorr... • https://access.redhat.com/security/cve/CVE-2023-3354 • CWE-476: NULL Pointer Dereference •

CVE-2023-0664
https://notcve.org/view.php?id=CVE-2023-0664
29 Mar 2023 — A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2167423 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVE-2023-1544 – Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
https://notcve.org/view.php?id=CVE-2023-1544
23 Mar 2023 — A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of servi... • https://access.redhat.com/security/cve/CVE-2023-1544 • CWE-125: Out-of-bounds Read CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2022-4144 – QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read
https://notcve.org/view.php?id=CVE-2022-4144
29 Nov 2022 — An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. • https://bugzilla.redhat.com/show_bug.cgi?id=2148506 • CWE-125: Out-of-bounds Read •

CVE-2022-3872
https://notcve.org/view.php?id=CVE-2022-3872
07 Nov 2022 — An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html • CWE-193: Off-by-one Error •

CVE-2022-3165 – QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
https://notcve.org/view.php?id=CVE-2022-3165
17 Oct 2022 — An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. • https://gitlab.com/qemu-project/qemu/-/commit/d307040b18 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-400: Uncontrolled Resource Consumption •

CVE-2022-2962 – Ubuntu Security Notice USN-5772-1
https://notcve.org/view.php?id=CVE-2022-2962
13 Sep 2022 — A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 • CWE-400: Uncontrolled Resource Consumption CWE-662: Improper Synchronization •

CVE-2021-3735
https://notcve.org/view.php?id=CVE-2021-3735
26 Aug 2022 — A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. • https://access.redhat.com/security/cve/CVE-2021-3735 • CWE-400: Uncontrolled Resource Consumption CWE-667: Improper Locking •

CVE-2022-0216 – Ubuntu Security Notice USN-5772-1
https://notcve.org/view.php?id=CVE-2022-0216
26 Aug 2022 — A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2022-0216 • CWE-416: Use After Free •