CVE-2015-7549
https://notcve.org/view.php?id=CVE-2015-7549
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. La compatibilidad MSI-X MMIO en hw/pci/msix.c en QEMU (también conocido como Quick Emulator) permite que usuarios privilegiados invitados locales del sistema operativo provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado del proceso QEMU) aprovechando el error a la hora de definir el método .write. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/2 http://www.securityfocus.com/bid/80761 https://bugzilla.redhat.com/show_bug.cgi?id=1291137 https://security.gentoo.org/glsa/201602-01 • CWE-476: NULL Pointer Dereference •
CVE-2015-8613
https://notcve.org/view.php?id=CVE-2015-8613
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. El desbordamiento de búfer basado en la pila en la función megasas_ctrl_get_info en QEMU, cuando se construye con el soporte de emulación SCSI MegaRAID SAS HBA, permite a los usuarios locales invitados provocar una denegación de servicio (caída de instancia QEMU) a través de un comando CTRL_GET_INFO. • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/22/1 http://www.securityfocus.com/bid/79719 https://bugzilla.redhat.com/show_bug.cgi?id=1284008 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html https://security.gentoo.org/glsa/201604-01 • CWE-787: Out-of-bounds Write •
CVE-2015-8743
https://notcve.org/view.php?id=CVE-2015-8743
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. QEMU (también conocido como Quick Emulator) construido con el soporte de emulación de dispositivo NE2000 es vulnerable a un problema de acceso OOB r/w. Podría ocurrir mientras se realizan operaciones 'ioport' r/w. • http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2016/01/04/1 http://www.openwall.com/lists/oss-security/2016/01/04/2 http://www.securityfocus.com/bid/79820 http://www.securitytracker.com/id/1034574 https://bugzilla.redhat.com/show_bug.cgi?id=1264929 https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html https:/ • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2015-8568
https://notcve.org/view.php?id=CVE-2015-8568
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. La pérdida de memoria en QEMU, cuando se construye con un VMWARE VMXNET3 paravirtual NIC emulador de soporte, permite a los usuarios locales invitados a provocar una denegación de servicio (consumo de memoria del host) al intentar activar el dispositivo vmxnet3 repetidamente. • http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/15/10 http://www.securityfocus.com/bid/79721 https://bugzilla.redhat.com/show_bug.cgi?id=1289816 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html https://security.gentoo.org/glsa/201602-01 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2015-8558
https://notcve.org/view.php?id=CVE-2015-8558
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. La función ehci_process_itd en hw/usb/hcd-ehci.c en QEMU permite a administradores de SO locales invitados provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una lista iTD (de descriptor de transferencia isócrona) circular. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=156a2e4dbffa85997636a7a39ef12da6f1b40254 http://www.debian.org/security/2016/dsa-3469 http://www.debian.org/security/2016/dsa-3470 http://www.debian.org/security/2016/dsa-3471 http://www.openwall.com/lists/oss-security/2015/12/14/16 http://www.openwall.com/lists/oss-security/2015/12/14/9 http://www.securityfocus.com/bid/80694 https://bugzilla.redhat.com/show_bug.cgi?id=1277983 https://lists.gnu.org/archive/html/qemu • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •