Page 4 of 40 results (0.008 seconds)

CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se encontró un problema de lectura/escritura de uno en uno en el dispositivo SDHCI de QEMU. Ocurre al leer/escribir el registro del Puerto de Datos del Búfer en sdhci_read_dataport y sdhci_write_dataport, respectivamente, si data_count == block_size. • https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html https://security.netapp.com/advisory/ntap-20221215-0005 • CWE-193: Off-by-one Error •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. Se ha encontrado un problema de desbordamiento de enteros en el servidor VNC de QEMU mientras son procesados mensajes ClientCutText en el formato extendido. Un cliente malicioso podría usar este fallo para hacer que QEMU no responda mediante el envío de un mensaje de carga útil especialmente diseñado, resultando en una denegación de servicio An integer underflow issue was found in the QEMU built-in VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. • https://gitlab.com/qemu-project/qemu/-/commit/d307040b18 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I36LKZA7Z65J3LJU2P37LVTWDFTXBMPU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E https://security.netapp.com/advisory/ntap-20221223-0006 https://access.redhat.com/security/cve/CVE-2022-3165 https://bugzilla.redhat.com/show_bug.cgi?id=2129739 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se encontró un problema de reentrada DMA en la emulación del dispositivo Tulip en QEMU. • https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 https://gitlab.com/qemu-project/qemu/-/issues/1171 • CWE-400: Uncontrolled Resource Consumption CWE-662: Improper Synchronization •

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. Se ha encontrado un problema de bloqueo en el dispositivo controlador AHCI de QEMU. • https://access.redhat.com/security/cve/CVE-2021-3735 https://bugzilla.redhat.com/show_bug.cgi?id=1997184 https://security-tracker.debian.org/tracker/CVE-2021-3735 • CWE-400: Uncontrolled Resource Consumption CWE-667: Improper Locking •

CVSS: 3.2EPSS: 0%CPEs: 11EXPL: 2

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. Se ha encontrado un fallo de bucle infinito en la emulación del controlador USB xHCI de QEMU mientras es calculada la longitud del anillo de petición de transferencia (TRB). Este fallo permite a un usuario invitado privilegiado colgar el proceso de QEMU en el host, resultando en una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1908004 https://gitlab.com/qemu-project/qemu/-/issues/646 https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •