CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3750 – QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
https://notcve.org/view.php?id=CVE-2021-3750
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. • https://bugzilla.redhat.com/show_bug.cgi?id=1999073 https://gitlab.com/qemu-project/qemu/-/issues/541 https://gitlab.com/qemu-project/qemu/-/issues/556 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220624-0003 https://access.redhat.com/security/cve/CVE-2021-3750 • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 1CVE-2021-4206 – QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow
https://notcve.org/view.php?id=CVE-2021-4206
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Se ha encontrado un fallo en la emulación del dispositivo de visualización QXL en QEMU. Un desbordamiento de enteros en la función cursor_alloc() puede conllevar a una asignación de un pequeño objeto cursor seguido de un posterior desbordamiento del búfer en la región heap de la memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=2036998 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://starlabs.sg/advisories/21-4206 https://www.debian.org/security/2022/dsa-5133 https://access.redhat.com/security/cve/CVE-2021-4206 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 1CVE-2021-4207 – QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow
https://notcve.org/view.php?id=CVE-2021-4207
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Se ha encontrado un fallo en la emulación del dispositivo de visualización QXL en QEMU. Una doble obtención de los valores controlados por el huésped "cursor-)header.width" y "cursor-)header.height" puede conllevar a una asignación de un pequeño objeto cursor seguido de un posterior desbordamiento del búfer en la región heap de la memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=2036966 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://starlabs.sg/advisories/21-4207 https://www.debian.org/security/2022/dsa-5133 https://access.redhat.com/security/cve/CVE-2021-4207 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 0CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Se encontró una vulnerabilidad en la función pfkey_register en el archivo net/key/af_key.c en el kernel de Linux. Este fallo permite a un usuario local no privilegiado acceder a la memoria del kernel, conllevando a un bloqueo del sistema o un filtrado de información interna del kernel • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://security.netapp.com/advisory/ntap-20220629-0001 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/2022/dsa-5173 https://access.redhat.com/security/cve/CVE-2022-1353 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 1CVE-2022-1227 – psgo: Privilege escalation in 'podman top'
https://notcve.org/view.php?id=CVE-2022-1227
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. Se ha encontrado un fallo de escalada de privilegios en Podman. • https://bugzilla.redhat.com/show_bug.cgi?id=2070368 https://github.com/containers/podman/issues/10941 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://security.netapp.com/advisory/ntap-20240628-0001 https://access.redhat.com/security/cve/CVE-2022-1227 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •