Page 4 of 405 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2167423 https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158 https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4 https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. • https://access.redhat.com/security/cve/CVE-2023-1544 https://bugzilla.redhat.com/show_bug.cgi?id=2180364 https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html https://security.netapp.com/advisory/ntap-20230511-0005 • CWE-125: Out-of-bounds Read CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. • https://access.redhat.com/security/cve/CVE-2023-0330 https://bugzilla.redhat.com/show_bug.cgi?id=2160151 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. Se encontraron problemas de desbordamiento de enteros y desbordamiento de búfer en el dispositivo ACPI Error Record Serialization Table (ERST) de QEMU en las funciones read_erst_record() y write_erst_record(). Ambos problemas pueden permitir que el huésped sobrecargue el búfer del host asignado para el dispositivo de memoria ERST. • https://gitlab.com/qemu-project/qemu/-/commit/defb7098 https://gitlab.com/qemu-project/qemu/-/issues/1268 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk%40c--e.de https://security.netapp.com/advisory/ntap-20230127-0013 https://access.redhat.com/security/cve/CVE-2022-4172 https://bugzilla.redhat.com/show_bug.cgi?id=2149105 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. Se encontró una falla de lectura fuera de los límites en la emulación del dispositivo de visualización QXL en QEMU. La función qxl_phys2virt() no verifica el tamaño de la estructura a la que apunta la dirección física del invitado, lo que potencialmente lee más allá del final del espacio de la barra en páginas adyacentes. • https://bugzilla.redhat.com/show_bug.cgi?id=2148506 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html https://security.netapp.com/advisory/ntap-20230127-0012 https://access.redhat.com/security/cve/CVE-2022-4144 • CWE-125: Out-of-bounds Read •