CVE-2017-18043
https://notcve.org/view.php?id=CVE-2017-18043
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). Desbordamiento de enteros en la macro ROUND_UP (n, d) en Quick Emulator (Qemu) permite que un usuario provoque una denegación de servicio (cierre inesperado del proceso Qemu) • http://www.openwall.com/lists/oss-security/2018/01/19/1 http://www.securityfocus.com/bid/102759 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-190: Integer Overflow or Wraparound •
CVE-2017-18030
https://notcve.org/view.php?id=CVE-2017-18030
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. La función cirrus_invalidate_region en hw/display/cirrus_vga.c en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso al array fuera de límites y cierre inesperado del proceso Qemu) mediante vectores relacionados con un paso negativo. • http://www.openwall.com/lists/oss-security/2018/01/15/3 http://www.securityfocus.com/bid/102520 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html • CWE-125: Out-of-bounds Read •
CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine
https://notcve.org/view.php?id=CVE-2018-5683
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/01/15/2 http://www.securityfocus.com/bid/102518 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:2162 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https:/ • CWE-125: Out-of-bounds Read •
CVE-2017-15124 – Qemu: memory exhaustion through framebuffer update request message in VNC server
https://notcve.org/view.php?id=CVE-2017-15124
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. Se ha descubierto que la implementación del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignación de memoria sin enlazar, ya que no limitó las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. • http://www.securityfocus.com/bid/102295 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:3062 https://bugzilla.redhat.com/show_bug.cgi?id=1525195 https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https://access.redhat.com/security/cve/CVE-2017-15124 • CWE-20: Improper Input Validation CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2017-17381
https://notcve.org/view.php?id=CVE-2017-17381
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. La implementación Virtio Vring en QEMU permite que usuarios invitados del sistema operativo local provoquen una denegación de servicio (división entre cero y cierre inesperado del proceso QEMU) anulando la alineación de vring mientras se actualizan los los "rings" de Virtio. • http://www.openwall.com/lists/oss-security/2017/12/05/2 http://www.securityfocus.com/bid/102059 https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 • CWE-369: Divide By Zero •