Page 35 of 390 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. Fuga de memoria en la función v9fs_list_xattr en hw/9pfs/9p-xattr.c en QEMU (también conocido como Quick Emulator) permite a los usuarios locales privilegiados de los sistemas operativos invitados causar una denegación de servicio (por consumo de memoria) a través de vectores que implican la variable orig_value • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 http://www.openwall.com/lists/oss-security/2017/04/25/5 http://www.securityfocus.com/bid/98012 https://bugzilla.redhat.com/show_bug.cgi?id=1444781 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html https://security.gentoo.org/glsa/201706-03 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes. ** EN DISPUTA ** La función disas_insn en target / i386 / translate.c en QEMU para las versiones anteriores a la 2.9.0, cuando se utiliza el modo TCG sin aceleración de hardware, no limita el tamaño de instrucción, lo que permite a los usuarios locales obtener privilegios creando un bloque básico modificado que inyecta código en un programa setuid, como lo demuestra procmail. NOTA: el proveedor ha declarado que "este error no viola las garantías de seguridad de QEMU." • https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 https://github.com/qemu/qemu/commit/30663fd26c0307e414622c7a8607fbc04f92ec14 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. Se ha encontrado un problema de acceso a la memoria fuera de límites en Quick Emulator (QEMU) en versiones anteriores a la 1.7.2 en el controlador de pantalla VNC. Esta vulnerabilidad podría ocurrir mientras se refresca la superficie del display de VNC en el "vnc_refresh_server_surface". • http://www.openwall.com/lists/oss-security/2017/02/23/1 http://www.securityfocus.com/bid/96417 https://access.redhat.com/errata/RHSA-2017:1205 https://access.redhat.com/errata/RHSA-2017:1206 https://access.redhat.com/errata/RHSA-2017:1441 https://access.redhat.com/errata/RHSA-2017:1856 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633 https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7 https://git.qemu.org/?p=qemu.git% • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. En el archivo hw/display/cirrus_vga_rop.h en QEMU (también se conoce como Quick Emulator), permite a los usuarios privilegiados del sistema operativo invitado local causar una denegación de servicio (lectura fuera de límites y bloqueo del proceso QEMU) por medio de vectores relacionados con el copiado de datos VGA mediante las funciones cirrus_bitblt_rop_fwd_transp_ y cirrus_bitblt__. An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. • http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904 http://www.openwall.com/lists/oss-security/2017/04/19/4 http://www.securityfocus.com/bid/97957 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 • CWE-125: Out-of-bounds Read •

CVSS: 9.9EPSS: 0%CPEs: 24EXPL: 0

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el soporte del controlador de pantalla VNC del emulador Cirrus CLGD 54xx VGA de QEMU en versiones anteriores a la 2.9. El problema podía ocurrir cuando un cliente VNC intentaba actualizar su pantalla después de que un invitado realizara una operación VGA. Un usuario/proceso privilegiado dentro de un guest podría usar esta vulnerabilidad para provocar que el proceso de QEMU se cierre inesperadamente o, potencialmente, ejecutar código arbitrario en el host con privilegios del proceso de QEMU. • http://www.securityfocus.com/bid/96893 http://www.securitytracker.com/id/1038023 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0985 https://access.redhat.com/errata/RHSA-2017:0987 https://access.redhat.com/errata/RHSA-2017:0988 https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •