CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-6778 – QEMU: slirp: heap buffer overflow in tcp_emu()
https://notcve.org/view.php?id=CVE-2019-6778
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. En QEMU 3.0.0, tcp_emu en slirp/tcp_subr.c tiene un desbordamiento de búfer basado en memoria dinámica (heap). A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host resulting in a DoS or potentially executing arbitrary code with privileges of the QEMU process. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2019/01/24/5 http://www.securityfocus.com/bid/106758 https://access.redhat.com& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-6501 – QEMU: scsi-generic: possible OOB access while handling inquiry request
https://notcve.org/view.php?id=CVE-2019-6501
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. En QEMU 3.1, scsi_handle_inquiry_reply en hw/scsi/scsi-generic.c permite operaciones de lectura y escritura fuera de límites. • http://www.openwall.com/lists/oss-security/2019/01/24/1 https://access.redhat.com/errata/RHSA-2019:2166 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7 https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html https://security.netapp.com/advisory/ntap-20190411-0006 https://access.redhat.com/security/cve/CVE& • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3812
https://notcve.org/view.php?id=CVE-2019-3812
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. QEMU, hasta la versión 2.10 y la 3.1.0, es vulnerable a una lectura fuera de límites de hasta 128 bytes en la función hw/i2c/i2c-ddc.c:i2c_ddc(). Un atacante local con permisos para ejecutar comandos i2c podría aprovechar este hecho para leer la memoria de pila del proceso qemu en el host. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html http://www.securityfocus.com/bid/107059 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7 https://seclists.org/bugtraq&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-20124
https://notcve.org/view.php?id=CVE-2018-20124
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. hw/rdma/rdma_backend.c en QEMU permite que los usuarios invitados del sistema operativo desencadenen un acceso fuera de límites mediante un elemento de anillo PvrdmaSqWqe con un valor num_sge grande. • http://www.openwall.com/lists/oss-security/2018/12/18/2 http://www.securityfocus.com/bid/106290 https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html https://usn.ubuntu.com/3923-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-20191
https://notcve.org/view.php?id=CVE-2018-20191
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). hw/rdma/vmw/pvrdma_main.c en QEMU no implementa una operación de lectura (como uar_read por analogía con uar_write), lo que permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL). • http://www.openwall.com/lists/oss-security/2018/12/18/1 http://www.securityfocus.com/bid/106276 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7 https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html https://usn.ubuntu.com/3923-1 • CWE-476: NULL Pointer Dereference •