CVE-2014-5388
https://notcve.org/view.php?id=CVE-2014-5388
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption. Error de superación de límite (off-by-one) en la función pci_read en ACPI PCI interfaz hotplug (hw/acpi/pcihp.c) en QEMU permite a usuarios locales invitados obtener información sensible y tener otro impacto no especificado relacionado con un dispositivo PCI manipulado que provoca daños en la memoria. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=fa365d7cd11185237471823a5a33d36765454e16 http://seclists.org/oss-sec/2014/q3/438 http://seclists.org/oss-sec/2014/q3/440 http://www.ubuntu.com/usn/USN-2409-1 https://bugzilla.redhat.com/show_bug.cgi?id=1132956 https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html • CWE-193: Off-by-one Error •
CVE-2014-3689
https://notcve.org/view.php?id=CVE-2014-3689
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. El driver vmware-vga (hw/display/vmware_vga.c) en QEMU permite a usuarios locales invitados escribir en la localizaciones de la memoria en qemu y ganar privilegios a través de parámetros sin especificar relacionados con la manipulación del rectángulo. • http://secunia.com/advisories/60923 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/security/2014/dsa-3067 http://www.osvdb.org/114397 http://www.ubuntu.com/usn/USN-2409-1 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg261580.html • CWE-269: Improper Privilege Management •
CVE-2014-7815 – qemu: vnc: insufficient bits_per_pixel from the client sanitization
https://notcve.org/view.php?id=CVE-2014-7815
The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. La función set_pixel_format en ui/vnc.c en QEMU permite a atacantes remotos causar una denegación de servicio (caída) a través de valores pequeños de bytes_per_pixel. An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://secunia.com/advisories/61484 http://secunia.com/advisories/62143 http://secunia.com/advisories/62144 http://support.citrix.com/article/CTX200892 http://www.debian.org/security/2014/dsa-3066 http://www.debian.org/secu • CWE-20: Improper Input Validation •
CVE-2014-3615 – Qemu: information leakage when guest sets high resolution
https://notcve.org/view.php?id=CVE-2014-3615
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. El emulador VGA en QEMU permite a usuarios locales invitados leer la memoria del anfitrión mediante la configuración de la pantalla a una resolución alta. An information leak flaw was found in the way QEMU's VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ab9509cceabef28071e41bdfa073083859c949a7 http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=c1b886c45dc70f247300f549dce9833f3fa2def5 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://rhn.redhat.com/errata/RHSA-2014-1669.html http://rhn.redhat.com/errata/RHSA-2014-1670.html http://rhn.redhat.com/errata/RHSA-2014-1941.html http://secunia.com/advisories/61829 http://support.citrix.com/article/CTX200892 http://www.de • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-3640 – qemu: slirp: NULL pointer deref in sosendto()
https://notcve.org/view.php?id=CVE-2014-3640
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. La función sosendto en slirp/udp.c en QEMU anterior a 2.1.2 permite a usuarios locales causar una denegación de servicio (referencia a puntero nulo) mediante el envió de un paquete udp con un valor de 0 en el pueto y dirección de la fuente, lo que provoca el acceso a un socket no inicializado. A NULL pointer dereference flaw was found in the way QEMU handled UDP packets with a source port and address of 0 when QEMU's user networking was in use. A local guest user could use this flaw to crash the guest. • http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04598.html http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg04707.html http://rhn.redhat.com/errata/RHSA-2015-0349.html http://rhn.redhat.com/errata/RHSA-2015-0624.html http://www.debian.org/security/2014/dsa-3044 http://www.debian.org/security/2014/dsa-3045 http://www.ubuntu.com/usn/USN-2409-1 https://bugzilla.redhat. • CWE-476: NULL Pointer Dereference •