CVE-2017-8112
https://notcve.org/view.php?id=CVE-2017-8112
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
• References: http://www.openwall.com/lists/oss-security/2017/04/26/5 http://www.securityfocus.com/bid/98015 https://bugzilla.redhat.com/show_bug.cgi?id=1445621 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html https://security.gentoo.org/glsa/201706-03
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-8086
https://notcve.org/view.php?id=CVE-2017-8086
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
• References: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 http://www.openwall.com/lists/oss-security/2017/04/25/5 http://www.securityfocus.com/bid/98012 https://bugzilla.redhat.com/show_bug.cgi?id=1444781 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html https://security.gentoo.org/glsa/201706-03
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2017-8284
https://notcve.org/view.php?id=CVE-2017-8284
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
• References: https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2017-2633 – Qemu: VNC: memory corruption due to unchecked resolution limit
https://notcve.org/view.php?id=CVE-2017-2633
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
• References: http://www.openwall.com/lists/oss-security/2017/02/23/1 http://www.securityfocus.com/bid/96417 https://access.redhat.com/errata/RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1856 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7 https://git.qemu.org/?p=qemu.git%
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-125: Out-of-bounds Read; CWE-787: Out-of-bounds Write
CVE-2017-7718 – Qemu: display: cirrus: OOB read access issue
https://notcve.org/view.php?id=CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service.
• References: http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904 http://www.openwall.com/lists/oss-security/2017/04/19/4 http://www.securityfocus.com/bid/97957 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988
• CWE-125: Out-of-bounds Read