CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1544 – Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
https://notcve.org/view.php?id=CVE-2023-1544
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. • https://access.redhat.com/security/cve/CVE-2023-1544 https://bugzilla.redhat.com/show_bug.cgi?id=2180364 https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html https://security.netapp.com/advisory/ntap-20230511-0005 • CWE-125: Out-of-bounds Read CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0330 – Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow
https://notcve.org/view.php?id=CVE-2023-0330
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. • https://access.redhat.com/security/cve/CVE-2023-0330 https://bugzilla.redhat.com/show_bug.cgi?id=2160151 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4172 – QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record
https://notcve.org/view.php?id=CVE-2022-4172
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Se encontraron problemas de desbordamiento de enteros y desbordamiento de búfer en el dispositivo ACPI Error Record Serialization Table (ERST) de QEMU en las funciones read_erst_record() y write_erst_record(). Ambos problemas pueden permitir que el huésped sobrecargue el búfer del host asignado para el dispositivo de memoria ERST. • https://gitlab.com/qemu-project/qemu/-/commit/defb7098 https://gitlab.com/qemu-project/qemu/-/issues/1268 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de https://security.netapp.com/advisory/ntap-20230127-0013 https://access.redhat.com/security/cve/CVE-2022-4172 https://bugzilla.redhat.com/show_bug.cgi?id=2149105 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4144 – QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read
https://notcve.org/view.php?id=CVE-2022-4144
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. Se encontró una falla de lectura fuera de los límites en la emulación del dispositivo de visualización QXL en QEMU. La función qxl_phys2virt() no verifica el tamaño de la estructura a la que apunta la dirección física del invitado, lo que potencialmente lee más allá del final del espacio de la barra en páginas adyacentes. • https://bugzilla.redhat.com/show_bug.cgi?id=2148506 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html https://security.netapp.com/advisory/ntap-20230127-0012 https://access.redhat.com/security/cve/CVE-2022-4144 • CWE-125: Out-of-bounds Read •
CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3872
https://notcve.org/view.php?id=CVE-2022-3872
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se encontró un problema de lectura/escritura de uno en uno en el dispositivo SDHCI de QEMU. Ocurre al leer/escribir el registro del Puerto de Datos del Búfer en sdhci_read_dataport y sdhci_write_dataport, respectivamente, si data_count == block_size. • https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html https://security.netapp.com/advisory/ntap-20221215-0005 • CWE-193: Off-by-one Error •