CVSS: 6.7 • EPSS: 0% • CPEs: 5 • EXPL: 0

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.

http://www.openwall.com/lists/oss-security/2016/05/19/3
http://www.securityfocus.com/bid/90760
http://www.ubuntu.com/usn/USN-3047-1
http://www.ubuntu.com/usn/USN-3047-2
https://bugzilla.redhat.com/show_bug.cgi?id=1337502
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
https://security.gentoo.org/glsa/201609-01

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.0 • EPSS: 0% • CPEs: 12 • EXPL: 0

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1ae3f2f178087711f9591350abad133525ba93f2
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
http://www.openwall.com/lists/oss-security/2016/04/18/3
http://www.openwall.com/lists/oss-security/2016/04/18/6
http://www.securityfocus.com/bid/86283
http://www.ubun

CWE-400: Uncontrolled Resource Consumption

CVSS: 5.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa1298c2d623522eda7b4f1f721fcb935abb7360
http://www.openwall.com/lists/oss-security/2016/02/16/2
http://www.securityfocus.com/bid/83263
http://www.ubuntu.com/usn/USN-2974-1
https://bugzilla.redhat.com/show_bug.cgi?id=1304794
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html

CWE-476: NULL Pointer Dereference

CVSS: 8.6 • EPSS: 3% • CPEs: 11 • EXPL: 0

Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3a15cc0e1ee7168db0782133d2607a6bfa422d66
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183275.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183350.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184209.html
http://www.openwall.com/lists/oss-security/2016/04/11/4
http://www.openwall.com/lists/oss-security/2016/04/12/6
http://www.securityfocus.com/bid/85976
http://www.ubun

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 6.5 • EPSS: 0% • CPEs: 26 • EXPL: 0

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory.

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0
http://www.securityfocus.com/bid/86067
http://www.ubuntu.com/usn/USN-2974-1
https://access.redhat.com/errata/RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2408
https://bugzilla.redhat.com/show_bug.cgi?id=1313686
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016&

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor