CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4441
https://notcve.org/view.php?id=CVE-2016-4441
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. La función get_cmd en hw/scsi/esp.c en el soporte 53C9X Fast SCSI Controller (FSC) en QEMU no comprueba correctamente la extensión DMA, lo que permite a administradores locales invitados del sistema operativo provocar una denegación del servicio (escritura fuera de rango y caída del proceso QEMU) a través de vectores no especificados, involucrando un comando SCSI. • http://www.openwall.com/lists/oss-security/2016/05/19/4 http://www.securityfocus.com/bid/90762 http://www.ubuntu.com/usn/USN-3047-1 http://www.ubuntu.com/usn/USN-3047-2 https://bugzilla.redhat.com/show_bug.cgi?id=1337505 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html https://security.gentoo.org/glsa/201609-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 3%CPEs: 11EXPL: 0CVE-2016-4001
https://notcve.org/view.php?id=CVE-2016-4001
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. Desbordamiento de buffer en la función stellaris_enet_receive en hw/net/stellaris_enet.c en QEMU, cuando el controlador ethernet Stellaris está configurado para aceptar paquetes grandes, permite a atacantes remotos provocar una denegación de servicio (caída de QEMU) a través de un paquete grande. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/11/4 http://www.openwall.com/lists/oss-security/2016/04/12/6 http://www.securityfocus.com/bid/85976 http://www.ubun • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2016-4037
https://notcve.org/view.php?id=CVE-2016-4037
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558. La función ehci_advance_state en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista siTD (de descriptor de transferencia isócrona dividida) circular, problema relacionado con CVE-2015-8558. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html http://www.openwall.com/lists/oss-security/2016/04/18/3 http://www.openwall.com/lists/oss-security/2016/04/18/6 http://www.securityfocus.com/bid/86283 http://www.ubun • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2391
https://notcve.org/view.php?id=CVE-2016-2391
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. La función ohci_bus_start en el suporte de emulación USB OHCI (hw/usb/hcd-ohci.c) en QEMU permite a administradores locales del SO invitado provocar una denegación de servicio (referencia a puntero NULL y caída del proceso QEMU) a través de vectores relacionados con temporizadores eof múltiples. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360 http://www.openwall.com/lists/oss-security/2016/02/16/2 http://www.securityfocus.com/bid/83263 http://www.ubuntu.com/usn/USN-2974-1 https://bugzilla.redhat.com/show_bug.cgi?id=1304794 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2841
https://notcve.org/view.php?id=CVE-2016-2841
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. La función ne2000_receive en el soporte de emulación NE2000 NIC (hw/net/ne2000.c) en QEMU en versiones anteriores a 2.5.1 permite a administradores locales del SO invitado provocar una denegación de servicio (bucle infinito y caída del proceso QEMU) a través de valores manipulados para los registros PSTART y PSTOP, involucrando control de anillo de buffer. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190 http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html http://www.openwall.com/lists/oss-security/2016/03/02/8 http://www.securityfocus.com/bid/84028 http://www.ubuntu.com/usn/USN-2974-1 https://bugzilla.redhat.com/show_bug.cgi?id=1303106 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.h • CWE-20: Improper Input Validation •