CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35503 – openSUSE Security Advisory - openSUSE-SU-2021:2789-1
https://notcve.org/view.php?id=CVE-2020-35503
02 Jun 2021 — A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia del puntero NULL en la emulación megasas-ge... • https://bugzilla.redhat.com/show_bug.cgi?id=1910346 • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-35506 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35506
28 May 2021 — A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. Se encontró una vulnerabilidad de uso de memoria previamente liberada en la emulación del adaptador bus de host SCSI am53c974 de QEMU en ver... • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35505 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2020-35505
28 May 2021 — A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo de desreferencia del puntero NULL en la emulación del adaptador de bus de host SCSI am53c974 de QEMU en versiones ... • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-476: NULL Pointer Dereference •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35504 – Gentoo Linux Security Advisory 202208-27
https://notcve.org/view.php?id=CVE-2020-35504
28 May 2021 — A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo de desreferencia del puntero NULL en el soporte de emulación SCSI de QEMU en versiones anteriores a 6.0.0. Este fallo permite a un usuario invitado privilegiado bloquear el proceso QEMU en el host... • http://www.openwall.com/lists/oss-security/2021/04/16/3 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-20196 – QEMU: block: fdc: null pointer dereference may lead to guest crash
https://notcve.org/view.php?id=CVE-2021-20196
26 May 2021 — A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo de desreferencia de puntero NULL en el emulador floppy disk de QEMU. • https://bugs.launchpad.net/qemu/+bug/1912780 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3527 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3527
26 May 2021 — A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resul... • https://bugzilla.redhat.com/show_bug.cgi?id=1955695 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3507 – QEMU: fdc: heap buffer overflow in DMA read data transfers
https://notcve.org/view.php?id=CVE-2021-3507
06 May 2021 — A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. Se encontró un desbordamiento del búfer de pila en el emulador de disquete de QEMU versiones hasta 6.0.0 (in... • https://bugzilla.redhat.com/show_bug.cgi?id=1951118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20257 – QEMU: net: e1000: infinite loop while processing transmit descriptors
https://notcve.org/view.php?id=CVE-2021-20257
23 Apr 2021 — An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1930087 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20295 – QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3
https://notcve.org/view.php?id=CVE-2021-20295
06 Apr 2021 — It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security... • https://access.redhat.com/security/cve/CVE-2020-10756 • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3409 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2021-3409
23 Mar 2021 — The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. Se detectó que el parche para CVE-2020-17380/CVE-2020-25085 era ineficaz, por lo que QEMU era vulnerable a prob... • https://bugzilla.redhat.com/show_bug.cgi?id=1928146 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •