CVSS: 3.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26354 – QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak
https://notcve.org/view.php?id=CVE-2022-26354
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. Se ha encontrado un fallo en el dispositivo vhost-vsock de QEMU. En caso de error, un elemento inválido no era desprendido de la virtqueue antes de liberar su memoria, conllevando a una pérdida de memoria y otros resultados no esperados. • https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220425-0003 https://www.debian.org/security/2022/dsa-5133 https://access.redhat.com/security/cve/CVE-2022-26354 https://bugzilla.redhat.com/show_bug.cgi?id=2063257 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0358 – QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
https://notcve.org/view.php?id=CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. • https://access.redhat.com/security/cve/CVE-2022-0358 https://bugzilla.redhat.com/show_bug.cgi?id=2044863 https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca https://security.netapp.com/advisory/ntap-20221007-0008 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-3607
https://notcve.org/view.php?id=CVE-2021-3607
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1973349 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220318-0002 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3930 – QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
https://notcve.org/view.php?id=CVE-2021-3930
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Se ha encontrado un error "off-by-one" en la emulación de dispositivos SCSI en QEMU. Podía ocurrir mientras eran procesados comandos MODE SELECT en mode_sense_page() si el argumento "page" era establecido como MODE_PAGE_ALLS (0x3f). • https://bugzilla.redhat.com/show_bug.cgi?id=2020588 https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220225-0007 https://access.redhat.com/security/cve/CVE-2021-3930 • CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3638
https://notcve.org/view.php?id=CVE-2021-3638
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se ha encontrado un fallo de acceso a memoria fuera de límites en la emulación de dispositivos ATI VGA de QEMU. Este fallo es producido en la rutina ati_2d_blt() mientras son manejadas operaciones de escritura MMIO cuando el huésped proporciona valores no válidos para los parámetros de pantalla de destino. • https://bugzilla.redhat.com/show_bug.cgi?id=1979858 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html https://security.netapp.com/advisory/ntap-20220407-0003 https://ubuntu.com/security/CVE-2021-3638 • CWE-787: Out-of-bounds Write •