CVE-2023-42467 – QEMU: am53c974: denial of service due to division by zero
https://notcve.org/view.php?id=CVE-2023-42467
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. QEMU hasta 8.0.0 podría desencadenar una división por cero en scsi_disk_reset en hw/scsi/scsi-disk.c porque scsi_disk_emulate_mode_select no impide que s->qdev.blocksize sea 256. Esto detiene QEMU y el invitado inmediatamente. A denial of service vulnerability was found in the qemu package. • https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c https://gitlab.com/qemu-project/qemu/-/issues/1813 https://security.netapp.com/advisory/ntap-20231103-0005 https://access.redhat.com/security/cve/CVE-2023-42467 https://bugzilla.redhat.com/show_bug.cgi?id=2238291 • CWE-369: Divide By Zero •
CVE-2020-24165
https://notcve.org/view.php?id=CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. • https://bugs.launchpad.net/qemu/+bug/1863025 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://pastebin.com/iqCbjdT8 https://security.netapp.com/advisory/ntap-20231006-0012 •
CVE-2022-36648
https://notcve.org/view.php?id=CVE-2022-36648
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case. La emulación de hardware en el of_dpa_cmd_add_l2_flood del modelo de dispositivo rocker en QEMU, tal y como se utiliza en versiones 7.0.0 y anteriores, permite a atacantes remotos bloquear al host qemu y potencialmente ejecutar código en el host a través de ejecutar un programa malformado en el SO invitado. • https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html https://security.netapp.com/advisory/ntap-20231006-0004 • CWE-476: NULL Pointer Dereference •
CVE-2023-3180 – Heap buffer overflow in virtio_crypto_sym_op_helper()
https://notcve.org/view.php?id=CVE-2023-3180
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. • https://access.redhat.com/security/cve/CVE-2023-3180 https://bugzilla.redhat.com/show_bug.cgi?id=2222424 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R https://security.netapp.com/advisory/ntap-20230831-0008 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-3019 – Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
https://notcve.org/view.php?id=CVE-2023-3019
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. • https://access.redhat.com/errata/RHSA-2024:0135 https://access.redhat.com/errata/RHSA-2024:0404 https://access.redhat.com/errata/RHSA-2024:0569 https://access.redhat.com/errata/RHSA-2024:2135 https://access.redhat.com/security/cve/CVE-2023-3019 https://bugzilla.redhat.com/show_bug.cgi?id=2222351 https://security.netapp.com/advisory/ntap-20230831-0005 • CWE-416: Use After Free •