CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-13672 – QEMU: vga: OOB read access during display update
https://notcve.org/view.php?id=CVE-2017-13672
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. QEMU (también conocido como Quick Emulator), cuando se integra con soporte para emulador de pantalla VGA, permite que usuarios con privilegios de sistema operativo invitado local provoquen una denegación de servicio (lectura fuera de límites y bloqueo del proceso QEMU) mediante vectores relacionados con la actualización de pantalla. An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation. • https://github.com/DavidBuchanan314/CVE-2017-13672 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/30/3 http://www.securityfocus.com/bid/100540 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:2162 https://bugzi • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12809
https://notcve.org/view.php?id=CVE-2017-12809
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. QEMU (también conocido como Quick Emulator), cuando se integra con el disco IDE y soporte para CD/DVD-ROM Emulator, permite que usuarios con privilegios de sistema operativo invitado local provoquen una denegación de servicio (desreferencia de puntero NULL y bloqueo del proceso QEMU) al vaciar una unidad de dispositivo CDROM vacía. • http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/21/2 http://www.securityfocus.com/bid/100451 https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-10806
https://notcve.org/view.php?id=CVE-2017-10806
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. Una vulnerabilidad de desbordamiento de búfer de pila en hw/usb/redirect.c en Quick Emulator (QEMU) podría permitir a los usuarios locales invitados del sistema operativo provocar una denegación de servicio mediante vectores relacionados con el registro de mensajes de depuración. • http://www.debian.org/security/2017/dsa-3925 http://www.openwall.com/lists/oss-security/2017/07/07/1 http://www.securityfocus.com/bid/99475 https://bugzilla.redhat.com/show_bug.cgi?id=1468496 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11334 – Qemu: exec: oob access during dma operation
https://notcve.org/view.php?id=CVE-2017-11334
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. La función address_space_write_continue en exec.c en QEMU (también conocido como Quick Emulator) permite a los usuarios invitado locales con privilegios del sistema operativo provocar una denegación de servicio (acceso fuera de los límites y detención de las instancias de la cuenta de invitado) usando qemu_map_ram_ptr para acceder al área del bloque de memoria ram del invitado. Quick Emulator (QEMU), compiled with qemu_map_ram_ptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS. • http://www.debian.org/security/2017/dsa-3925 http://www.openwall.com/lists/oss-security/2017/07/17/4 http://www.securityfocus.com/bid/99895 https://access.redhat.com/errata/RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RH • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). • http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/29/1 http://www.securityfocus.com/bid/99513 https://access.redhat.com/errata/RHSA-2017:2390 https://access.redhat.com/errata/RHSA-2017:2445 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RH • CWE-248: Uncaught Exception •