
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jun 2021 — Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. • http://www.openwall.com/lists/oss-security/2021/05/31/1 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jun 2021 — A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1910346 • CWE-476: NULL Pointer Dereference •

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 May 2021 — A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-416: Use After Free •

CVSS: 4.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

28 May 2021 — A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-476: NULL Pointer Dereference •

CVSS: 6.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 May 2021 — A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-476: NULL Pointer Dereference •

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

26 May 2021 — A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • https://bugs.launchpad.net/qemu/+bug/1912780 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

26 May 2021 — A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resul... • https://bugzilla.redhat.com/show_bug.cgi?id=1955695 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

06 May 2021 — A heap buffer overflow was found in the floppy disk emulator of QEMU up to and including 6.0.0. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario, or potential information leakage from the host memory. • https://bugzilla.redhat.com/show_bug.cgi?id=1951118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write •

CVSS: 6.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

07 Apr 2021 — An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including QEMU 4.2.0 on the aarch64 platform. The issue occurs because, while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario. • http://www.openwall.com/lists/oss-security/2021/02/05/1 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Apr 2021 — It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security... • https://access.redhat.com/security/cve/CVE-2020-10756 • CWE-125: Out-of-bounds Read •