CVE-2017-7718 – Qemu: display: cirrus: OOB read access issue
https://notcve.org/view.php?id=CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. En el archivo hw/display/cirrus_vga_rop.h en QEMU (también se conoce como Quick Emulator), permite a los usuarios privilegiados del sistema operativo invitado local causar una denegación de servicio (lectura fuera de límites y bloqueo del proceso QEMU) por medio de vectores relacionados con el copiado de datos VGA mediante las funciones cirrus_bitblt_rop_fwd_transp_ y cirrus_bitblt__. An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904 http://www.openwall.com/lists/oss-security/2017/04/19/4 http://www.securityfocus.com/bid/97957 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 • CWE-125: Out-of-bounds Read •
CVE-2016-9603 – Qemu: cirrus: heap buffer overflow via vnc connection
https://notcve.org/view.php?id=CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el soporte del controlador de pantalla VNC del emulador Cirrus CLGD 54xx VGA de QEMU en versiones anteriores a la 2.9. El problema podía ocurrir cuando un cliente VNC intentaba actualizar su pantalla después de que un invitado realizara una operación VGA. Un usuario/proceso privilegiado dentro de un guest podría usar esta vulnerabilidad para provocar que el proceso de QEMU se cierre inesperadamente o, potencialmente, ejecutar código arbitrario en el host con privilegios del proceso de QEMU. • http://www.securityfocus.com/bid/96893 http://www.securitytracker.com/id/1038023 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0985 https://access.redhat.com/errata/RHSA-2017:0987 https://access.redhat.com/errata/RHSA-2017:0988 https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2017-2630 – Qemu: nbd: oob stack write in client routine drop_sync
https://notcve.org/view.php?id=CVE-2017-2630
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. Se ha encontrado un fallo de desbordamiento de búfer basado en pila en Quick Emulator (QEMU) en versiones anteriores a la 2.9 construida con el soporte de cliente de Network Block Device (NBD). El fallo puede ocurrir durante el procesamiento de la respuesta del servidor a una petición "NBD_OPT_LIST". • http://www.openwall.com/lists/oss-security/2017/02/15/2 http://www.securityfocus.com/bid/96265 https://access.redhat.com/errata/RHSA-2017:2392 https://bugzilla.redhat.com/show_bug.cgi?id=1422415 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630 https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85 https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html https://security.gentoo.org/glsa/201704-01 https://access.redhat.com/security/cve • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2017-7377
https://notcve.org/view.php?id=CVE-2017-7377
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. Las funciones de (1) v9fs_create y (2) v9fs_lcreate en hw/9pfs/9p.c en QEMU (también conocido como Quick Emulator) permiten a los usuarios privilegiados de usuarios locales huésped causar una denegación de servicio (descriptor de archivo o consumo de memoria) a través de vectores relacionados con un fid ya en uso. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e http://www.openwall.com/lists/oss-security/2017/04/03/2 http://www.securityfocus.com/bid/97319 https://bugzilla.redhat.com/show_bug.cgi?id=1437871 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html https://security.gentoo.org/glsa/201706-03 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-5973 – Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
https://notcve.org/view.php?id=CVE-2017-5973
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. La función xhci_kick_epctx en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a usuarios locales privilegiados del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de vectores relacionados con la secuencia del descriptor de transferencia de control. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b http://www.openwall.com/lists/oss-security/2017/02/13/11 http://www.securityfocus.com/bid/96220 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://bugzilla.redhat.com/show_bug.cgi?id=1421626 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •