CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8576 – Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
https://notcve.org/view.php?id=CVE-2016-8576
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. La función xhci_ring_fetch en hw/usb/hcd-xhci.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) aprovechando el fallo para limitar el número de enlaces Transfer Request Blocks (TRB) al proceso. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/10/12 http://www.openwall.com/lists/oss-security/2016/10/10/6 http://www.securityfocus.com/bid/93469 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:/&# • CWE-770: Allocation of Resources Without Limits or Throttling CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8909 – Qemu: audio: intel-hda: infinite loop in processing dma buffer stream
https://notcve.org/view.php?id=CVE-2016-8909
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. La función intel_hda_xfer en hw/audio/intel-hda.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una entrada con el mismo valor para la longitud del búfer y posición del puntero. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/24/1 http://www.openwall.com/lists/oss-security/2016/10/24/4 http://www.securityfocus.com/bid/93842 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html https://security. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8910 – Qemu: net: rtl8139: infinite loop while transmit in C+ mode
https://notcve.org/view.php?id=CVE-2016-8910
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. La función rtl8139_cplus_transmit en hw/net/rtl8139.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y consumo de CPU) aprovechando el fallo para limitar el recuento del descriptor del anillo. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/24/2 http://www.openwall.com/lists/oss-security/2016/10/24/5 http://www.securityfocus.com/bid/93844 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html https://security. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 11EXPL: 0CVE-2016-8669 – Qemu: char: divide by zero error in serial_update_parameters
https://notcve.org/view.php?id=CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. La función serial_update_parameters en hw/char/serial.c en QEMU (también conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegación de servicio (error de división por cero y caída del proceso QEMU) a través de vectores que involucran un valor de divisor mayor que la base baud. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01 http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html http://www.openwall.com/lists/oss-security/2016/10/14/9 http://www.openwall.com/lists/oss-security/2016/10/15/5 http://www.securityfocus.com/bid/93563 https://access.redhat.com/errata/RHSA-2017:2392 https://access.redhat.com/errata/RHSA-2017:2408 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https:/&#x • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2015-5160 – libvirt: Ceph id/key leaked in the process list
https://notcve.org/view.php?id=CVE-2015-5160
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. libvirt en versiones anteriores a la 2.2 incluye las credenciales de Ceph en la línea de comandos qemu cuando se utiliza RADOS Block Device (también conocido como RBD), lo que permite a los usuarios locales obtener información sensible mediante un listado de procesos. It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. • http://rhn.redhat.com/errata/RHSA-2016-2577.html http://www.openwall.com/lists/oss-security/2017/07/21/3 https://bugs.launchpad.net/ossn/+bug/1686743 https://bugzilla.redhat.com/show_bug.cgi?id=1245647 https://wiki.openstack.org/wiki/OSSN/OSSN-0079 https://access.redhat.com/security/cve/CVE-2015-5160 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •