Page 5 of 40 results (0.015 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. ** EN DISPUTA ** El archivo softmmu/physmem.c en QEMU versiones hasta 7.0.0, puede llevar a cabo una lectura no inicializada en la ruta translate_fail, conllevando a un bloqueo io_readx o io_writex. NOTA: un tercero afirma que el caso de uso de no virtualización en la referencia de qemu.org se aplica aquí, es decir, "Los errores que afectan al caso de uso de no virtualización no se consideran errores de seguridad en este momento" • https://github.com/qemu/qemu/blob/f200ff158d5abcb974a6b597a962b6b2fbea2b06/softmmu/physmem.c https://github.com/qemu/qemu/blob/v7.0.0/include/exec/cpu-all.h#L145-L148 https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482 https://github.com/qemu/qemu/commit/3517fb726741c109cae7995f9ea46f0cab6187d6#diff-83c563ed6330dc5d49876f1116e7518b5c16654bbc6e9b4ea8e28f5833d576fcR482.aa https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c https://gitlab.com/qemu-project/qemu • CWE-908: Use of Uninitialized Resource •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 2

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. Se ha encontrado un problema de reentrada DMA en la emulación del controlador NVM Express (NVME) en QEMU. Este CVE es similar al CVE-2021-3750 y, al igual que éste, cuando la escritura de reentrada desencadena la función de reinicio nvme_ctrl_reset(), los structs de datos serán liberados conllevando a un problema de uso de memoria previamente liberada. • https://github.com/QiuhaoLi/CVE-2021-3929-3947 https://access.redhat.com/security/cve/CVE-2021-3929 https://bugzilla.redhat.com/show_bug.cgi?id=2020298 https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385 https://gitlab.com/qemu-project/qemu/-/issues/556 https://gitlab.com/qemu-project/qemu/-/issues/782 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHNN7QJCEQH7AQG5AQP2GEFAQE6K635I • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Se encontró una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1973784 https://gitlab.com/qemu-project/qemu/-/issues/542 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220624-0001 https://access.redhat.com/security/cve/CVE-2021-3611 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. • https://bugzilla.redhat.com/show_bug.cgi?id=1999073 https://gitlab.com/qemu-project/qemu/-/issues/541 https://gitlab.com/qemu-project/qemu/-/issues/556 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220624-0003 https://access.redhat.com/security/cve/CVE-2021-3750 • CWE-416: Use After Free •

CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 1

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Se ha encontrado un fallo en la emulación del dispositivo de visualización QXL en QEMU. Un desbordamiento de enteros en la función cursor_alloc() puede conllevar a una asignación de un pequeño objeto cursor seguido de un posterior desbordamiento del búfer en la región heap de la memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=2036998 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://starlabs.sg/advisories/21-4206 https://www.debian.org/security/2022/dsa-5133 https://access.redhat.com/security/cve/CVE-2021-4206 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •