CVE-2019-12247
https://notcve.org/view.php?id=CVE-2019-12247
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable ** EN DISPUTA ** QEMU 3.0.0 tiene un desbordamiento de enteros (Integer Overflow) porque los archivos qga / command * .c no verifican la longitud de la lista de argumentos o el número de variables de entorno. NOTA: esta vulnerabilidad está siendo discutida como no explotable. • http://www.securityfocus.com/bid/108434 https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06360.html https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html • CWE-190: Integer Overflow or Wraparound •
CVE-2019-9824 – QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables
https://notcve.org/view.php?id=CVE-2019-9824
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. tcp_emu en slirp / tcp_subr.c (conocido como slirp / src / tcp_subr.c) en QEMU 3.0.0 usa datos no inicializados en una llamada a snprintf, lo que lleva a la revelación de información. • https://access.redhat.com/errata/RHSA-2019:1650 https://access.redhat.com/errata/RHSA-2019:2078 https://access.redhat.com/errata/RHSA-2019:2425 https://access.redhat.com/errata/RHSA-2019:2553 https://access.redhat.com/errata/RHSA-2019:3345 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg00400.html https://access.redhat.com/security/cve/CVE-2019-9824 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVE-2018-20815 – QEMU: device_tree: heap buffer overflow while loading device tree blob
https://notcve.org/view.php?id=CVE-2018-20815
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. En QEMU versión 3.1.0, la función load_device_tree en el archivo device_tree.c llama a la función en desuso load_image, que tiene un riesgo de desbordamiento de búfer. A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process. • https://access.redhat.com/errata/RHSA-2019:1667 https://access.redhat.com/errata/RHSA-2019:1723 https://access.redhat.com/errata/RHSA-2019:1743 https://access.redhat.com/errata/RHSA-2019:1881 https://access.redhat.com/errata/RHSA-2019:1968 https://access.redhat.com/errata/RHSA-2019:2507 https://access.redhat.com/errata/RHSA-2019:2553 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=da885fe1ee8b4589047484bd7fa05a4905b52b17 https://lists.fedoraproject.org/archives/list/package-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2019-5008
https://notcve.org/view.php?id=CVE-2019-5008
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. El archivo hw/sparc64/sun4u.c en QEMU versión 3.1.50, es vulnerable a una desreferencia del puntero NULL, lo que permite al atacante provocar una Denegación de Servicio (DoS) por medio de un controlador de dispositivo. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html http://www.securityfocus.com/bid/108024 https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008 https://git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL https:/ • CWE-476: NULL Pointer Dereference •
CVE-2019-8934
https://notcve.org/view.php?id=CVE-2019-8934
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. hw/ppc/spapr.c en QEMU, hasta la versión 3.1.0, permite la exposición de información debido a que el hipervisor comparte los atributos del sistema en /proc/device-tree/system-id and /proc/device-tree/model con un invitado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html http://www.openwall.com/lists/oss-security/2019/02/21/1 http://www.securityfocus.com/bid/107115 https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html https://security.netapp.com/advisory/ntap-20190411-0006 • CWE-668: Exposure of Resource to Wrong Sphere •