CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2392
https://notcve.org/view.php?id=CVE-2016-2392
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet. La función is_rndis en el dispositivo de emulación USB Net (hw/usb/dev-network.c) en QEMU en versiones anteriores a 2.5.1 no valida correctamente objetos descriptores de configuración USB, lo que permite a administradores locales del SO invitado provocar una denegación de servicio (referencia a puntero NULL y caída del proceso QEMU) a través de vectores que involucran un paquete de mensajes de control remoto de NDIS. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=80eecda8e5d09c442c24307f340840a5b70ea3b9 http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html http://www.openwall.com/lists/oss-security/2016/02/16/7 http://www.securityfocus.com/bid/83274 http://www.ubuntu.com/usn/USN-2974-1 https://bugzilla.redhat.com/show_bug.cgi?id=1302299 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg02553.h •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2016-2858
https://notcve.org/view.php?id=CVE-2016-2858
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. QEMU, cuando está construido con el soporte back-end Pseudo Random Number Generator (PRNG), permite a usuarios locales del SO invitado provocar una denegación de servicio (caída del proceso) a través una petición de entropía, lo que desencadena una asignación arbitraria basada en asignación y corrupción de memoria. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 http://www.openwall.com/lists/oss-security/2016/03/04/1 http://www.openwall.com/lists/oss-security/2016/03/07/4 http://www.securityfocus.com/bid/84134 http://www.ubuntu.com/usn/USN-2974-1 https://bugzilla.redhat.com/show_bug.cgi?id=1314676 https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html https://security.gentoo.org/glsa/201604-01 • CWE-331: Insufficient Entropy •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8701
https://notcve.org/view.php?id=CVE-2015-8701
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación switch Rocker es vulnerable a un error off-by-one. Sucede mientras se procesan los descriptores de transmisión (tx) en rutina 'tx_consume', si un descriptor debía tener más fragmentos (ROCKER_TX_FRAGS_MAX=16) de los permitidos. • http://www.openwall.com/lists/oss-security/2015/12/28/6 http://www.openwall.com/lists/oss-security/2015/12/29/1 http://www.securityfocus.com/bid/79706 https://bugzilla.redhat.com/show_bug.cgi?id=1286971 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html https://security.gentoo.org/glsa/201602-01 • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8745
https://notcve.org/view.php?id=CVE-2015-8745
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de caída. Podría ocurrir mientras lee Interrupt Mask Registers (IMR). • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/04/4 http://www.openwall.com/lists/oss-security/2016/01/04/7 http://www.securityfocus.com/bid/79822 http://www.securitytracker.com/id/1034575 https://bugzilla.redhat.com/show_bug.cgi?id=1270876 https://security.gentoo.org/glsa/201602-01 • CWE-617: Reachable Assertion •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8743
https://notcve.org/view.php?id=CVE-2015-8743
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación de dispositivo NE2000 es vulnerable a un problema de acceso OOB r/w. Podría ocurrir mientras se realizan operaciones 'ioport' r/w. • http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/04/1 http://www.openwall.com/lists/oss-security/2016/01/04/2 http://www.securityfocus.com/bid/79820 http://www.securitytracker.com/id/1034574 https://bugzilla.redhat.com/show_bug.cgi?id=1264929 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html https:/ • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •