CVE-2023-40360
https://notcve.org/view.php?id=CVE-2023-40360
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. QEMU hasta 8.0.4 accede a un puntero NULL en nvme_directive_receive en hw/nvme/ctrl.c porque no se verifica si un grupo de resistencia está configurado antes de verificar si la Ubicación Flexible de Datos está habilitada. • https://gitlab.com/birkelund/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 https://gitlab.com/qemu-project/qemu/-/issues/1815 https://security.netapp.com/advisory/ntap-20230915-0004 https://www.qemu.org/docs/master/system/security.html • CWE-476: NULL Pointer Dereference •
CVE-2023-4135 – Out-of-bounds read information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2023-4135
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. Se encontró una falla de lectura de memoria fuera de los límites en el dispositivo nvme virtual en QEMU. El proceso QEMU no valida un desplazamiento proporcionado por el invitado antes de calcular un puntero de la memoria del host, que se utiliza para copiar datos al invitado. • https://access.redhat.com/security/cve/CVE-2023-4135 https://bugzilla.redhat.com/show_bug.cgi?id=2229101 https://security.netapp.com/advisory/ntap-20230915-0012 https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 • CWE-125: Out-of-bounds Read •
CVE-2023-3180 – Heap buffer overflow in virtio_crypto_sym_op_helper()
https://notcve.org/view.php?id=CVE-2023-3180
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. • https://access.redhat.com/security/cve/CVE-2023-3180 https://bugzilla.redhat.com/show_bug.cgi?id=2222424 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R https://security.netapp.com/advisory/ntap-20230831-0008 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-3019 – Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
https://notcve.org/view.php?id=CVE-2023-3019
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. • https://access.redhat.com/errata/RHSA-2024:0135 https://access.redhat.com/errata/RHSA-2024:0404 https://access.redhat.com/errata/RHSA-2024:0569 https://access.redhat.com/errata/RHSA-2024:2135 https://access.redhat.com/security/cve/CVE-2023-3019 https://bugzilla.redhat.com/show_bug.cgi?id=2222351 https://security.netapp.com/advisory/ntap-20230831-0005 • CWE-416: Use After Free •
CVE-2023-3354 – Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
https://notcve.org/view.php?id=CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3354 https://bugzilla.redhat.com/show_bug.cgi?id=2216478 https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R • CWE-476: NULL Pointer Dereference •