CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en la biblioteca “lib/ofp-util.c”. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html https • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. • http://www.openwall.com/lists/oss-security/2017/12/04/2 http://www.securityfocus.com/bid/102038 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/security/cve/cve-2017-1000407 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https&# • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-5973 – Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
https://notcve.org/view.php?id=CVE-2017-5973
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. La función xhci_kick_epctx en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de vectores relacionados con la secuencia del descriptor de transferencia de control. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b http://www.openwall.com/lists/oss-security/2017/02/13/11 http://www.securityfocus.com/bid/96220 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://bugzilla.redhat.com/show_bug.cgi?id=1421626 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-9921 – Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy
https://notcve.org/view.php?id=CVE-2016-9921
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. Quick emulator (Qemu) construido con el soporte Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de división por cero. Podría ocurrir mientras se copian datos VGA cuando el modo de gráficos cirrus estaba configurado para ser VGA. • http://www.openwall.com/lists/oss-security/2016/12/09/1 http://www.securityfocus.com/bid/94803 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://security.gentoo.org/glsa/201701-49 https://access.redhat.com/security/cve/CVE-2016-9921 https://bugzilla.redhat.com/show_bug.cgi?id=1334398 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-9907 – Qemu: usb: redirector: memory leakage when destroying redirector
https://notcve.org/view.php?id=CVE-2016-9907
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. Quick Emulator (Qemu) construido con el soporte del USB redirector usb-guest es vulnerable a una falla de fuga de memoria. Podría ocurrir mientras se destruye el redirector USB en 'usbredir_handle_destroy'. • http://www.openwall.com/lists/oss-security/2016/12/08/3 http://www.securityfocus.com/bid/94759 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://security.gentoo.org/glsa/201701-49 https://access.redhat.com/security/cve/CVE-2016-9907 https://bugzilla.redhat.com/show_bug.cgi?id=1402265 • CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') CWE-772: Missing Release of Resource after Effective Lifetime •