CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8619
https://notcve.org/view.php?id=CVE-2015-8619
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegación de servicio (fallo de escritura y aplicación fuera de límites). • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/23/1 http://www.securityfocus.com/bid/79668 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html https://security.gentoo.org/glsa/201604-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8558
https://notcve.org/view.php?id=CVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/16 http://www.openwall.com/lists/oss-security/2015/12/14/9 http://www.securityfocus.com/bid/80694 https://bugzilla.redhat.com/show_bug.cgi?id=1277983 https://lists.gnu.org/archive/html/qemu • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-1568 – Qemu: ide: ahci use-after-free vulnerability in aio port commands
https://notcve.org/view.php?id=CVE-2016-1568
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. Vulnerabilidad de uso después de liberación de memoria en hw/ide/ahci.c en QEMU, cuando se construye con soporte de emulación IDE AHCI, permite a usuarios del SO invitado causar una denegación de servicio (caída de instancia) o posiblemente ejecutar código arbitrario a través de un comando AHCI Native Command Queuing (NCQ) AIO no válido. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing (NCQ) AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ab0359a8ae182a7ac5c99609667273167703fab http://rhn.redhat.com/errata/RHSA-2016-0084.html http://rhn.redhat.com/errata/RHSA-2016-0086.html http://rhn.redhat.com/errata/RHSA-2016-0087.html http://rhn.redhat.com/errata/RHSA-2016-0088.html http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/0 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1714 – Qemu: nvram: OOB r/w access in processing firmware configurations
https://notcve.org/view.php?id=CVE-2016-1714
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. Las funciones (1) fw_cfg_write y (2) fw_cfg_read en hw/nvram/fw_cfg.c en QEMU en versiones anteriores a 2.4, cuando construye con el soporte de emulación de dispositivo de Firmware Configuration, permiten a usuarios del SO invitado con el privilegio CAP_SYS_RAWIO provocar una denegación de servicio (acceso a lectura o escritura fuera de rango y caída del proceso) o potencialmente ejecutar código arbitrario a través de un valor de entrada actual no válido en una configuración de firmware. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://rhn.redhat.com/errata/RHSA-2016-0081.html http://rhn.redhat.com/errata/RHSA-2016-0082.html http://rhn.redhat.com/errata/RHSA-2016-0083.html http://rhn.redhat.com/errata/RHSA-2016-0084.html http://rhn.redhat.com/errata/RHSA-2016-0085.html http://rhn.redhat.com/errata/RHSA-2016-0086.html http://rhn.redhat.com/errata/RHSA-2016-0087.html http://rhn.redhat.com/errata/RHSA-2016-0088.html http://www.debian.org/security/2016/dsa-3469 http://www.debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 3CVE-2015-8556 – QEMU (Gentoo) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-8556
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. Vulnerabilidad de escalada de privilegios locales en el paquete Gentoo QEMU en versiones anteriores a 2.5.0-r1. • https://www.exploit-db.com/exploits/39010 http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html https://security.gentoo.org/glsa/201602-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •