CVE-2017-13672 – QEMU: vga: OOB read access during display update
https://notcve.org/view.php?id=CVE-2017-13672
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. QEMU (también conocido como Quick Emulator), cuando se integra con soporte para emulador de pantalla VGA, permite que usuarios con privilegios de sistema operativo invitado local provoquen una denegación de servicio (lectura fuera de límites y bloqueo del proceso QEMU) mediante vectores relacionados con la actualización de pantalla. An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation. • https://github.com/DavidBuchanan314/CVE-2017-13672 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/30/3 http://www.securityfocus.com/bid/100540 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:2162 https://bugzi • CWE-125: Out-of-bounds Read •
CVE-2017-13711 – QEMU: Slirp: use-after-free when sending response
https://notcve.org/view.php?id=CVE-2017-13711
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. Una vulnerabilidad de uso después de liberación de memoria (use-after-free) en la función sofree en slirp/socket.c en QEMU (también conocido como Quick Emulator) permite que atacantes remotos provoquen una denegación de servicio (bloqueo de la instancia QEMU) aprovechando el error a la hora de eliminar correctamente ifq_so de los paquetes pendientes. A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service. • http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/29/6 http://www.securityfocus.com/bid/100534 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://bugzilla.redhat.com/show_bug.cgi?id=1486400 https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html https://access.redhat.com/security/cve/CVE-2017-13711 • CWE-416: Use After Free •
CVE-2017-12809
https://notcve.org/view.php?id=CVE-2017-12809
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. QEMU (también conocido como Quick Emulator), cuando se integra con el disco IDE y soporte para CD/DVD-ROM Emulator, permite que usuarios con privilegios de sistema operativo invitado local provoquen una denegación de servicio (desreferencia de puntero NULL y bloqueo del proceso QEMU) al vaciar una unidad de dispositivo CDROM vacía. • http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/21/2 http://www.securityfocus.com/bid/100451 https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html • CWE-476: NULL Pointer Dereference •
CVE-2017-10806
https://notcve.org/view.php?id=CVE-2017-10806
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. Una vulnerabilidad de desbordamiento de búfer de pila en hw/usb/redirect.c en Quick Emulator (QEMU) podría permitir a los usuarios locales invitados del sistema operativo provocar una denegación de servicio mediante vectores relacionados con el registro de mensajes de depuración. • http://www.debian.org/security/2017/dsa-3925 http://www.openwall.com/lists/oss-security/2017/07/07/1 http://www.securityfocus.com/bid/99475 https://bugzilla.redhat.com/show_bug.cgi?id=1468496 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html • CWE-787: Out-of-bounds Write •
CVE-2017-11334 – Qemu: exec: oob access during dma operation
https://notcve.org/view.php?id=CVE-2017-11334
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. La función address_space_write_continue en exec.c en QEMU (también conocido como Quick Emulator) permite a los usuarios invitado locales con privilegios del sistema operativo provocar una denegación de servicio (acceso fuera de los límites y detención de las instancias de la cuenta de invitado) usando qemu_map_ram_ptr para acceder al área del bloque de memoria ram del invitado. Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. • http://www.debian.org/security/2017/dsa-3925 http://www.openwall.com/lists/oss-security/2017/07/17/4 http://www.securityfocus.com/bid/99895 https://access.redhat.com/errata/RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RH • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •