CVSS: 3.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29443 – QEMU: ide: atapi: OOB access while processing read commands
https://notcve.org/view.php?id=CVE-2020-29443
22 Jan 2021 — ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. La función ide_atapi_cmd_reply_end en el archivo hw/ide/atapi.c, en QEMU versión 5.1.0, permite un acceso de lectura fuera de límites porque un índice de búfer no está comprobado An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address(LBA) is set to an invalid value. A guest ... • http://www.openwall.com/lists/oss-security/2021/01/18/2 • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
08 Dec 2020 — A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. Se encontró uno fallo en la API de administración de memoria de QEMU durante la inicialización de una caché de región de memoria. • http://www.openwall.com/lists/oss-security/2020/12/16/6 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-28916 – QEMU: e1000e: infinite loop scenario in case of null packet descriptor
https://notcve.org/view.php?id=CVE-2020-28916
04 Dec 2020 — hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. El archivo hw/net/e1000e_core.c en QEMU versión 5.0.0, presenta un bucle infinito por medio de un descriptor RX con una dirección de búfer NULL An infinite loop flaw was found in the e1000e device emulator in QEMU. This issue could occur while receiving packets via the e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has a NULL buffer address. This flaw allows a privileged guest user... • http://www.openwall.com/lists/oss-security/2020/12/01/2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17380 – Ubuntu Security Notice USN-4650-1
https://notcve.org/view.php?id=CVE-2020-17380
30 Nov 2020 — A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Se encontró un desbordamiento del búfer en la región heap de la memoria en... • http://www.openwall.com/lists/oss-security/2021/03/09/1 • CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25723 – QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
https://notcve.org/view.php?id=CVE-2020-25723
30 Nov 2020 — A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de aserción alcanzable en el código de emulación USB EHCI de QEMU. Podría ocurrir mientras se procesan las peticiones USB debido a una falta de... • http://www.openwall.com/lists/oss-security/2020/12/22/1 • CWE-617: Reachable Assertion •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25624 – Ubuntu Security Notice USN-4650-1
https://notcve.org/view.php?id=CVE-2020-25624
30 Nov 2020 — hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. El archivo hw/usb/hcd-ohci.c en QEMU versión 5.0.0, presenta una lectura excesiva del búfer en la región stack de la memoria por medio de valores obtenidos desde el driver del controlador de host Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or po... • https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-24352
https://notcve.org/view.php?id=CVE-2020-24352
16 Oct 2020 — An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se detectó un problema en QEMU versiones hasta 5.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1847584 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25742
https://notcve.org/view.php?id=CVE-2020-25742
06 Oct 2020 — pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. La función pci_change_irq_level en el archivo hw/pci/pci.c en QEMU versiones anteriores a 5.1.1, presenta una desreferencia de puntero NULL porque la función pci_get_bus() podría no devolver un puntero válido • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference •
CVSS: 3.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25743
https://notcve.org/view.php?id=CVE-2020-25743
06 Oct 2020 — hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. El archivo hw/ide/pci.c en QEMU versiones anteriores a 5.1.1, puede desencadenar una desreferencia del puntero NULL porque carece de una comprobación de puntero antes de una llamada de ide_cancel_dma_sync • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference •
CVSS: 3.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25741
https://notcve.org/view.php?id=CVE-2020-25741
02 Oct 2020 — fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. La función fdctrl_write_data en el archivo hw/block/fdc.c en QEMU versión 5.0.0, presenta una desreferencia del puntero NULL por medio de un puntero de bloqueo NULL para la unidad actual • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference •