CVE-2014-0223 – Qemu: qcow1: validate image size to avoid out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2014-0223
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a usuarios locales causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un tamaño grande de imagen, lo que provoca un desbordamiento de buffer o una lectura fuera de rango. An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html http://www.debian.org/security/2014/dsa-3044 http://www.securityfocus.com/bid/67391 https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html https://access.redhat.com/security/cve/CVE-2014-0223 https://bugzilla.redhat.com/show_bug.cgi?id=1097222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2013-4150 – qemu: virtio-net: out-of-bounds buffer write on invalid state load
https://notcve.org/view.php?id=CVE-2013-4150
The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. La función virtio_net_load en hw/net/virtio-net.c en QEMU 1.5.0 hasta 1.7.x anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores en los cuales el valor de curr_queues es mayor que el de max_queues, lo que provoca una escritura fuera de rango. • http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eea750a5623ddac7a61982eec8f1c93481857578 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0927.html https://access.redhat.com/security/cve/CVE-2013-4150 https://bugzilla.redhat.com/show_bug.cgi?id=1066340 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2013-4529 – qemu: hw/pci/pcie_aer.c: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4529
Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. Desbordamiento de buffer en hw/pci/pcie_aer.c en QEMU anterior a 1.7.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un valor log_num grande en un imagen savevm. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0927.html https://access.redhat.com/security/cve/CVE-2013-4529 https://bugzilla.redhat.com/show_bug.cgi?id=1066353 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0222 – Qemu: qcow1: validate L2 table size to avoid integer overflows
https://notcve.org/view.php?id=CVE-2014-0222
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Desbordamiento de enteros en la función qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a atacantes remotos causara una denegación de servicio (caída) a través de una tabla L2 grande en un imagen QCOW versión 1. An integer overflow flaw was found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html http://www.debian.org/security/2014/dsa-3044 http://www.securityfocus.com/bid/67357 https://lists.gnu.org/archive/html/qemu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2013-4527 – qemu: hpet: buffer overrun on invalid state load
https://notcve.org/view.php?id=CVE-2013-4527
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. Desbordamiento de buffer en hw/timer/hpet.c en QEMU anterior a 1.7.2 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el número de temporizadores. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=3f1c49e2136fa08ab1ef3183fd55def308829584 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html http://rhn.redhat.com/errata/RHSA-2014-0927.html https://access.redhat.com/security/cve/CVE-2013-4527 https://bugzilla.redhat.com/show_bug.cgi?id=1066347 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •