CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3930 – QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
https://notcve.org/view.php?id=CVE-2021-3930
10 Dec 2021 — An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Se ha encontrado un error "off-by-one" en la emulación de dispositivos SCSI en QEMU. Podía ocurrir mientras eran procesados comandos MODE SELECT en mode_sense_page() si el argumento "page" era establecido... • https://bugzilla.redhat.com/show_bug.cgi?id=2020588 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-3748 – QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu
https://notcve.org/view.php?id=CVE-2021-3748
28 Oct 2021 — A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el dispositivo virtio-... • https://bugzilla.redhat.com/show_bug.cgi?id=1998514 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3638 – Ubuntu Security Notice USN-6567-2
https://notcve.org/view.php?id=CVE-2021-3638
28 Oct 2021 — An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se ha encontrado un fallo de acceso a memoria fuera de límites en la emulación de dispositivos ATI VGA de QEMU. Este fallo es producido en la rutina ati_... • https://bugzilla.redhat.com/show_bug.cgi?id=1979858 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3713 – Debian Security Advisory 4980-1
https://notcve.org/view.php?id=CVE-2021-3713
25 Aug 2021 — An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. Se ha detectado un fallo de escritura fuera de límites en la emulación del dispositi... • https://bugzilla.redhat.com/show_bug.cgi?id=1994640 • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3682 – QEMU: usbredir: free() call on invalid pointer in bufp_alloc()
https://notcve.org/view.php?id=CVE-2021-3682
05 Aug 2021 — A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. Se ha encontrado un fallo en la emulación del dispositivo redirector USB de QEMU en versiones... • https://bugzilla.redhat.com/show_bug.cgi?id=1989651 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20257 – QEMU: net: e1000: infinite loop while processing transmit descriptors
https://notcve.org/view.php?id=CVE-2021-20257
15 Jul 2021 — An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1930087 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3608 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3608
15 Jul 2021 — A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. El problema es pro... • https://bugzilla.redhat.com/show_bug.cgi?id=1973383 • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27661
https://notcve.org/view.php?id=CVE-2020-27661
02 Jun 2021 — A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de división por cero en la función dwc2_handle_packet en el archivo hw/usb/hcd-dwc2.c en la emulación del controlador de host USB hcd-dwc2 de QEMU. Un huésped malicioso podría utilizar este fallo para bloquear el proceso de QEMU en el host, resul... • https://bugzilla.redhat.com/show_bug.cgi?id=1890653 • CWE-369: Divide By Zero •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3546 – Debian Security Advisory 4980-1
https://notcve.org/view.php?id=CVE-2021-3546
02 Jun 2021 — An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. Se ha encontrado una vulnerabilidad de escritura fuera de límites en el dispositivo GPU... • http://www.openwall.com/lists/oss-security/2021/05/31/1 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3545 – Debian Security Advisory 4980-1
https://notcve.org/view.php?id=CVE-2021-3545
02 Jun 2021 — An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. Se ha encontrado una vulnerabilidad de divulgación de información en el dispositivo GPU virtio vhost-user (vhost-user-gpu) de QEMU en las versiones hasta... • http://www.openwall.com/lists/oss-security/2021/05/31/1 • CWE-908: Use of Uninitialized Resource •