CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3527 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3527
26 May 2021 — A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resul... • https://bugzilla.redhat.com/show_bug.cgi?id=1955695 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3507 – QEMU: fdc: heap buffer overflow in DMA read data transfers
https://notcve.org/view.php?id=CVE-2021-3507
06 May 2021 — A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. Se encontró un desbordamiento del búfer de pila en el emulador de disquete de QEMU versiones hasta 6.0.0 (in... • https://bugzilla.redhat.com/show_bug.cgi?id=1951118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3409 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3409
23 Mar 2021 — The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. Se detectó que el parche para CVE-2020-17380/CVE-2020-25085 era ineficaz, por lo que QEMU era vulnerable a prob... • https://bugzilla.redhat.com/show_bug.cgi?id=1928146 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3392 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3392
23 Mar 2021 — A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. Se encontró un fallo de uso de la memoria previamente liberada en el emulador MegaRAID de QEMU. • https://bugs.launchpad.net/qemu/+bug/1914236 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3416 – QEMU: net: Infinite loop in loopback mode may lead to stack overflow
https://notcve.org/view.php?id=CVE-2021-3416
18 Mar 2021 — A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario. Se encontró un posible desbordamiento de la pila por medio de un problema de bucle infinito en varios emuladores de NIC de QEMU en versiones hasta 5.2.0 incluyéndola.&... • https://bugzilla.redhat.com/show_bug.cgi?id=1932827 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20263 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-20263
09 Mar 2021 — A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. Se encontró un fallo en el demonio del sistema de archivos compartidos virtio-fs (virtiofsd) de QEMU. La nueva opción "xattrmap" puede... • https://bugzilla.redhat.com/show_bug.cgi?id=1933668 • CWE-281: Improper Preservation of Permissions •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1CVE-2021-20203 – Ubuntu Security Notice USN-5307-1
https://notcve.org/view.php?id=CVE-2021-20203
25 Feb 2021 — An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de desbordamiento de enteros en el emulador de NIC vmxnet3 de QEMU para versiones hasta v5.2.0. Puede ocurrir si un invitado estaba suministrando valores no válidos para el t... • https://bugs.launchpad.net/qemu/+bug/1913873 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20181 – QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-20181
08 Feb 2021 — A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Se encontró un fallo de condición de carrera en la implementación del servidor 9pfs de QEMU versiones hasta 5.2.0 incluyéndola. Este fallo permite a un cliente 9p malicios... • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35517 – QEMU: virtiofsd: potential privileged host device access from guest
https://notcve.org/view.php?id=CVE-2020-35517
28 Jan 2021 — A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. Se encontró un fallo en qemu. Se encontró un problema de escalada de privilegios del host en el demonio del sistema de archivos compartidos virtio-fs, donde un usuario invitado privilegiado puede crear un archivo especial de dispositivo en el directorio compart... • https://bugzilla.redhat.com/show_bug.cgi?id=1915823 • CWE-269: Improper Privilege Management •