Page 2 of 47 results (0.004 seconds)

CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. Se encontró una falla en QEMU. La naturaleza asíncrona de la desconexión en caliente permite un escenario de ejecución en el que el backend del dispositivo de red se borra antes de que se haya desconectado el frontend pci de virtio-net. • https://access.redhat.com/security/cve/CVE-2023-3301 https://bugzilla.redhat.com/show_bug.cgi?id=2215784 https://security.netapp.com/advisory/ntap-20231020-0008 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-617: Reachable Assertion •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. QEMU hasta 8.0.0 podría desencadenar una división por cero en scsi_disk_reset en hw/scsi/scsi-disk.c porque scsi_disk_emulate_mode_select no impide que s->qdev.blocksize sea 256. Esto detiene QEMU y el invitado inmediatamente. A denial of service vulnerability was found in the qemu package. • https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c https://gitlab.com/qemu-project/qemu/-/issues/1813 https://security.netapp.com/advisory/ntap-20231103-0005 https://access.redhat.com/security/cve/CVE-2023-42467 https://bugzilla.redhat.com/show_bug.cgi?id=2238291 • CWE-369: Divide By Zero •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case. La emulación de hardware en el of_dpa_cmd_add_l2_flood del modelo de dispositivo rocker en QEMU, tal y como se utiliza en versiones 7.0.0 y anteriores, permite a atacantes remotos bloquear al host qemu y potencialmente ejecutar código en el host a través de ejecutar un programa malformado en el SO invitado. • https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html https://security.netapp.com/advisory/ntap-20231006-0004 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. • https://access.redhat.com/security/cve/CVE-2023-3180 https://bugzilla.redhat.com/show_bug.cgi?id=2222424 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R https://security.netapp.com/advisory/ntap-20230831-0008 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. • https://access.redhat.com/errata/RHSA-2024:0135 https://access.redhat.com/errata/RHSA-2024:0404 https://access.redhat.com/errata/RHSA-2024:0569 https://access.redhat.com/errata/RHSA-2024:2135 https://access.redhat.com/security/cve/CVE-2023-3019 https://bugzilla.redhat.com/show_bug.cgi?id=2222351 https://security.netapp.com/advisory/ntap-20230831-0005 • CWE-416: Use After Free •