CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1981 – Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
https://notcve.org/view.php?id=CVE-2016-1981
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación e1000 NIC es vulnerable a un problema de bucle infinito. Podría ocurrir mientras se procesan datos a través de descriptores de transmisión o recepción, siempre que la cabeza inicial del descriptor de recepción/transmisión (TDH/RDH) se establezca fuera del búfer de descriptor asignado. • http://rhn.redhat.com/errata/RHSA-2016-2585.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/19/10 http://www.openwall.com/lists/oss-security/2016/01/22/1 http://www.securityfocus.com/bid/81549 https://bugzilla.redhat.com/show_bug.cgi?id=1298570 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8744
https://notcve.org/view.php?id=CVE-2015-8744
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. QEMU (también conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de caída. Ocurre cuando un invitado envía un paquete Layer-2 más pequeño que 22 bytes. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/04/3 http://www.openwall.com/lists/oss-security/2016/01/04/6 http://www.securityfocus.com/bid/79821 http://www.securitytracker.com/id/1034576 https://bugzilla.redhat.com/show_bug.cgi?id=1270871 https://security.gentoo.org/glsa/201602-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8619
https://notcve.org/view.php?id=CVE-2015-8619
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegación de servicio (fallo de escritura y aplicación fuera de límites). • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/23/1 http://www.securityfocus.com/bid/79668 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html https://security.gentoo.org/glsa/201604-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8558
https://notcve.org/view.php?id=CVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/16 http://www.openwall.com/lists/oss-security/2015/12/14/9 http://www.securityfocus.com/bid/80694 https://bugzilla.redhat.com/show_bug.cgi?id=1277983 https://lists.gnu.org/archive/html/qemu • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1568 – Qemu: ide: ahci use-after-free vulnerability in aio port commands
https://notcve.org/view.php?id=CVE-2016-1568
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. Vulnerabilidad de uso después de liberación de memoria en hw/ide/ahci.c en QEMU, cuando se construye con soporte de emulación IDE AHCI, permite a usuarios del SO invitado causar una denegación de servicio (caída de instancia) o posiblemente ejecutar código arbitrario a través de un comando AHCI Native Command Queuing (NCQ) AIO no válido. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab http://rhn.redhat.com/errata/RHSA-2016-0084.html http://rhn.redhat.com/errata/RHSA-2016-0086.html http://rhn.redhat.com/errata/RHSA-2016-0087.html http://rhn.redhat.com/errata/RHSA-2016-0088.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/0 • CWE-416: Use After Free •