CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 1CVE-2021-4207 – QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow
https://notcve.org/view.php?id=CVE-2021-4207
29 Apr 2022 — A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Se ha encontrado un fallo en la emulación del dispositivo de visualización QXL en ... • https://bugzilla.redhat.com/show_bug.cgi?id=2036966 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1050 – Ubuntu Security Notice USN-6167-1
https://notcve.org/view.php?id=CVE-2022-1050
29 Mar 2022 — A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. Se ha encontrado un fallo en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare. Este defecto permite que un controlador de huésped crafteado ejecute comandos HW cuando los búferes compartidos aún no están asignados, lo que puede llevar a una condición de ... • https://bugzilla.redhat.com/show_bug.cgi?id=2069625 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3582 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3582
25 Mar 2022 — A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare. • https://bugzilla.redhat.com/show_bug.cgi?id=1966266 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26354 – QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak
https://notcve.org/view.php?id=CVE-2022-26354
16 Mar 2022 — A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. Se ha encontrado un fallo en el dispositivo vhost-vsock de QEMU. En caso de error, un elemento inválido no era desprendido de la virtqueue antes de liberar su memoria, conllevando a una pérdida de memoria y otros resultados no esperados. • https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26353 – QEMU: virtio-net: map leaking on error during receive
https://notcve.org/view.php?id=CVE-2022-26353
16 Mar 2022 — A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. Se ha encontrado un fallo en el dispositivo virtio-net de QEMU. Este fallo fue introducido inadvertidamente con la corrección de CVE-2021-3748, que olvidaba desmapear los elementos de virtqueue almacenados en caché en caso de error, conllevan... • https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4158 – QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c
https://notcve.org/view.php?id=CVE-2021-4158
28 Feb 2022 — A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se ha encontrado un problema de desreferencia de puntero NULL en el código ACPI de QEMU. Un usuario malicioso y con privilegios dentro del huésped podía usar este fallo para bloquear el proceso de QEMU en el host, resultando en una situación de denegación de servicio. Gaoning Pan discovered th... • https://access.redhat.com/security/cve/CVE-2021-4158 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0358 – QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
https://notcve.org/view.php?id=CVE-2022-0358
28 Feb 2022 — A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating... • https://access.redhat.com/security/cve/CVE-2022-0358 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3607 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3607
24 Feb 2022 — An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RD... • https://bugzilla.redhat.com/show_bug.cgi?id=1973349 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3947 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3947
18 Feb 2022 — A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. Se ha encontrado un desbordamiento de pila en QEMU en el componente NVME. El fallo es encontrado en nvme_changed_nslist(), donde un huésped malicioso que controle determinadas entradas puede leer memoria fuera de límites. • https://bugzilla.redhat.com/show_bug.cgi?id=2021869 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-4145 – QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c
https://notcve.org/view.php?id=CVE-2021-4145
25 Jan 2022 — A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. Se encontró un problema de desreferencia de puntero NULL en la capa de réplica de bloques de QEMU en versiones anteriores a 6.2.0. El puntero... • https://bugzilla.redhat.com/show_bug.cgi?id=2034602 • CWE-476: NULL Pointer Dereference •