Page 6 of 78 results (0.015 seconds)

CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un desbordamiento de enteros en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. • https://bugzilla.redhat.com/show_bug.cgi?id=1973349 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07925.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220318-0002 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Se ha encontrado un error "off-by-one" en la emulación de dispositivos SCSI en QEMU. Podía ocurrir mientras eran procesados comandos MODE SELECT en mode_sense_page() si el argumento "page" era establecido como MODE_PAGE_ALLS (0x3f). • https://bugzilla.redhat.com/show_bug.cgi?id=2020588 https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220225-0007 https://access.redhat.com/security/cve/CVE-2021-3930 • CWE-193: Off-by-one Error •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se ha encontrado un fallo de acceso a memoria fuera de límites en la emulación de dispositivos ATI VGA de QEMU. Este fallo es producido en la rutina ati_2d_blt() mientras son manejadas operaciones de escritura MMIO cuando el huésped proporciona valores no válidos para los parámetros de pantalla de destino. • https://bugzilla.redhat.com/show_bug.cgi?id=1979858 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg01682.html https://security.netapp.com/advisory/ntap-20220407-0003 https://ubuntu.com/security/CVE-2021-3638 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el dispositivo virtio-net de QEMU. Podría ocurrir cuando la dirección del descriptor pertenece a la región de acceso no directo, debido a que num_buffers es establecido después de que el elemento virtqueue haya sido desmapeado. • https://bugzilla.redhat.com/show_bug.cgi?id=1998514 https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.nongnu.org/archive/html/qemu-devel/2021-09/msg00388.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220425-0004 https://ubuntu.com/security/CVE-2021-3748 https://access. • CWE-416: Use After Free •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. Se ha detectado un fallo de escritura fuera de límites en la emulación del dispositivo UAS (USB Attached SCSI) de QEMU en versiones anteriores a 6.2.0-rc0. El dispositivo usa el número de flujo suministrado por el huésped sin comprobar, lo que puede conllevar a un acceso fuera de límites a los campos UASDevice-)data3 y UASDevice-)status3. • https://bugzilla.redhat.com/show_bug.cgi?id=1994640 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210923-0006 https://www.debian.org/security/2021/dsa-4980 • CWE-787: Out-of-bounds Write •