CVE-2014-0142 – qemu: crash by possible division by zero
https://notcve.org/view.php?id=CVE-2014-0142
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. QEMU, posiblemente en versiones anteriores a la 2.0.0, permite que usuarios locales provoquen una denegación de servicio (error de división entre cero y bloqueo) mediante un valor cero en el campo de seguimiento (1) en la función seek_to_sector en block/parallels.c o el campo (2) extent_size field en la función bochs en block/bochs.c. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=8e53abbc20d08ae3ec30c2054e1161314ad9501d http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9302e863aa8baa5d932fc078967050c055fa1a7f http://rhn.redhat.com/errata/RHSA-2014-0420.html http://rhn.redhat.com/errata/RHSA-2014-0421.html http://www.debian.org/security/2014/dsa-3044 https://bugzilla.redhat.com/show_bug.cgi?id=1078201 https://access.redhat.com/security/cve/CVE-2014-0142 • CWE-369: Divide By Zero •
CVE-2014-0150 – qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
https://notcve.org/view.php?id=CVE-2014-0150
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. Desbordamiento de eneteros en la función virtio_net_handle_mac en hw/net/virtio-net.c en QEMU 2.0 y anteriores permite a usuarios locales invitados ejecutar código arbitrario a través de una solicitud de actualización de tabla de direcciones MAC, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://article.gmane.org/gmane.comp.emulators.qemu/266768 http://secunia.com/advisories/57878 http://secunia.com/advisories/58191 http://thread.gmane.org/gmane.comp.emulators.qemu/266713 http://www.debian.org/security/2014/dsa-2909 http://www.debian.org/security/2014/dsa-2910 http://www.ubuntu.com/usn/USN-2182-1 https://bugzilla.redhat.com/show_bug.cgi?id=1078846 https://access.redhat.com/security/cve/CVE-2014-0150 • CWE-189: Numeric Errors •
CVE-2013-4344 – qemu: buffer overflow in scsi_target_emulate_report_luns
https://notcve.org/view.php?id=CVE-2013-4344
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Desbordamiento de buffer en la implementación SCSI de QEMU, tal como es usado en Xen, cuando un controlador SCSI tiene más de 256 dispositivos adjuntos, permite a usuarios locales obtener privilegios a través de un buffer de pequeña transferencia en un comando REPORT LUNS. • http://article.gmane.org/gmane.comp.emulators.qemu/237191 http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://osvdb.org/98028 http://rhn.redhat.com/errata/RHSA-2013-1553.html http://rhn.redhat.com/errata/RHSA-2013-1754.html http://www.openwall.com/lists/oss-security/2013/10/02/2 http://www.securityfocus.com/bid/62773 http://www.ubuntu.com/usn/USN-2092-1 https: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2012-6075 – qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled
https://notcve.org/view.php?id=CVE-2012-6075
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Desbordamiento de buffer en la función e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE están deshabilitadas, permiten ataques remotos que provocan una denegación de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar código arbitrario. • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2012-3515 – qemu: VT100 emulation vulnerability
https://notcve.org/view.php?id=CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Qemu, tal como se utiliza en Xen v4.0, v4.1 y posiblemente otros productos, al emular ciertos dispositivos con una consola virtual, permite a los usuarios locales del SO invitado obtener privilegios a través de una secuencia VT100 de escape manipulada que desencadena la sobrescritura del espacio de direcciones de un "device model's address space." • http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.ht • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •