CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3607 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2021-3607
21 Jul 2021 — An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RD... • https://bugzilla.redhat.com/show_bug.cgi?id=1973349 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3611 – QEMU: intel-hda: segmentation fault due to stack overflow
https://notcve.org/view.php?id=CVE-2021-3611
21 Jul 2021 — A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Se encontró una vulnerabilidad de desbordamiento de pila en el dispositivo Intel HD Audio (intel-hda) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1973784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3608 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3608
15 Jul 2021 — A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. El problema es pro... • https://bugzilla.redhat.com/show_bug.cgi?id=1973383 • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27661
https://notcve.org/view.php?id=CVE-2020-27661
02 Jun 2021 — A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de división por cero en la función dwc2_handle_packet en el archivo hw/usb/hcd-dwc2.c en la emulación del controlador de host USB hcd-dwc2 de QEMU. Un huésped malicioso podría utilizar este fallo para bloquear el proceso de QEMU en el host, resul... • https://bugzilla.redhat.com/show_bug.cgi?id=1890653 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12067
https://notcve.org/view.php?id=CVE-2019-12067
02 Jun 2021 — The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. La función ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegación de servicio (derivación de NULL) cuando el encabezado del comando "ad-)cur_cmd" es null • https://bugzilla.suse.com/show_bug.cgi?id=1145642 • CWE-476: NULL Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3546 – Debian Security Advisory 4980-1
https://notcve.org/view.php?id=CVE-2021-3546
02 Jun 2021 — An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. Se ha encontrado una vulnerabilidad de escritura fuera de límites en el dispositivo GPU... • http://www.openwall.com/lists/oss-security/2021/05/31/1 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3545 – Debian Security Advisory 4980-1
https://notcve.org/view.php?id=CVE-2021-3545
02 Jun 2021 — An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. Se ha encontrado una vulnerabilidad de divulgación de información en el dispositivo GPU virtio vhost-user (vhost-user-gpu) de QEMU en las versiones hasta... • http://www.openwall.com/lists/oss-security/2021/05/31/1 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3544 – Debian Security Advisory 4980-1
https://notcve.org/view.php?id=CVE-2021-3544
02 Jun 2021 — Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. Se han encontrado varias pérdidas de memoria en el dispositivo virtio vhost-user GPU (vhost-user-gpu) de QEMU en las versiones hasta la 6.0 incluyéndola. Se presentan en los archivos contrib/vhost-user-gpu/vhost-user-gpu... • http://www.openwall.com/lists/oss-security/2021/05/31/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35503 – openSUSE Security Advisory - openSUSE-SU-2021:2789-1
https://notcve.org/view.php?id=CVE-2020-35503
02 Jun 2021 — A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia del puntero NULL en la emulación megasas-ge... • https://bugzilla.redhat.com/show_bug.cgi?id=1910346 • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35506 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35506
28 May 2021 — A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. Se encontró una vulnerabilidad de uso de memoria previamente liberada en la emulación del adaptador bus de host SCSI am53c974 de QEMU en ver... • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-416: Use After Free •