Page 32 of 400 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. Un desbordamiento de enteros en la función load_multiboot en hw/i386/multiboot.c en QEMU (Quick Emulator) permite que usuarios locales invitados del sistema operativo ejecuten código arbitrario en el host mediante valores de dirección de cabeceras de arranque múltiple manipulados, que desencadenan una escritura fuera de límites. Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. • http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/09/07/2 http://www.securityfocus.com/bid/100694 https://access.redhat.com/errata/RHSA-2017:3368 https://access.redhat.com/errata/RHSA-2017:3369 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/R • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 11%CPEs: 10EXPL: 0

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servidores de NBD (Network Block Device) en el que la corrutina I/O no estaba definida. Esto podría provocar el cierre inesperado del servidor qemu-nbd si un cliente envía datos no esperados durante la negociación de la conexión. • http://www.openwall.com/lists/oss-security/2017/07/21/4 http://www.securityfocus.com/bid/99944 https://access.redhat.com/errata/RHSA-2017:2628 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RHSA-2017:3473 https://access.redhat.com/errata/RHSA-2017:3474 https://bugzilla.redhat.com/show_b • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. QEMU (también conocido como Quick Emulator), cuando se integra con soporte para emulador de pantalla VGA, permite que usuarios con privilegios de sistema operativo invitado local provoquen una denegación de servicio (lectura fuera de límites y bloqueo del proceso QEMU) mediante vectores relacionados con la actualización de pantalla. An out-of-bounds read access issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while reading VGA memory to update graphics display. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service situation. • https://github.com/DavidBuchanan314/CVE-2017-13672 http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/30/3 http://www.securityfocus.com/bid/100540 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://access.redhat.com/errata/RHSA-2018:2162 https://bugzi • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. Una vulnerabilidad de uso después de liberación de memoria (use-after-free) en la función sofree en slirp/socket.c en QEMU (también conocido como Quick Emulator) permite que atacantes remotos provoquen una denegación de servicio (bloqueo de la instancia QEMU) aprovechando el error a la hora de eliminar correctamente ifq_so de los paquetes pendientes. A use-after-free issue was found in the Slirp networking implementation of the Quick emulator (QEMU). It occurs when a Socket referenced from multiple packets is freed while responding to a message. A user/process could use this flaw to crash the QEMU process on the host resulting in denial of service. • http://www.debian.org/security/2017/dsa-3991 http://www.openwall.com/lists/oss-security/2017/08/29/6 http://www.securityfocus.com/bid/100534 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://bugzilla.redhat.com/show_bug.cgi?id=1486400 https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html https://access.redhat.com/security/cve/CVE-2017-13711 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. La actualización de la pantalla VGA en la región calculada inapropiadamente para la instantánea dirty bitmap en el caso de que el modo pantalla dividida sea usado, lo que provoca una denegación de servicio (fallo de aserción) en la función cpu_physical_memory_snapshot_get_dirty. An assert failure issue was found in the VGA display emulator built into the Quick emulator (QEMU). It could occur while updating graphics display, due to miscalculating region for dirty bitmap snapshot in split screen mode. A privileged user/process inside guest could use this flaw to crash the QEMU process on the host resulting in denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html http://www.openwall.com/lists/oss-security/2017/09/10/1 http://www.securityfocus.com/bid/100527 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:1113 https://git.qemu.org/gitweb.cgi?p=qemu.git%3Ba=commit%3Bh=bfc56535f793c557aa754c50213fc5f882e6482d https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html https://access.redhat.com/security/cve/CVE-2017-13673& • CWE-617: Reachable Assertion •