CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20181 – QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-20181
08 Feb 2021 — A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. Se encontró un fallo de condición de carrera en la implementación del servidor 9pfs de QEMU versiones hasta 5.2.0 incluyéndola. Este fallo permite a un cliente 9p malicios... • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 2CVE-2020-35517 – QEMU: virtiofsd: potential privileged host device access from guest
https://notcve.org/view.php?id=CVE-2020-35517
28 Jan 2021 — A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. Se encontró un fallo en qemu. Se encontró un problema de escalada de privilegios del host en el demonio del sistema de archivos compartidos virtio-fs, donde un usuario invitado privilegiado puede crear un archivo especial de dispositivo en el directorio compart... • https://bugzilla.redhat.com/show_bug.cgi?id=1915823 • CWE-269: Improper Privilege Management •
CVSS: 3.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-29443 – QEMU: ide: atapi: OOB access while processing read commands
https://notcve.org/view.php?id=CVE-2020-29443
22 Jan 2021 — ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. La función ide_atapi_cmd_reply_end en el archivo hw/ide/atapi.c, en QEMU versión 5.1.0, permite un acceso de lectura fuera de límites porque un índice de búfer no está comprobado An out-of-bounds read-access flaw was found in the ATAPI Emulator of QEMU. This issue occurs while processing the ATAPI read command if the logical block address(LBA) is set to an invalid value. A guest ... • http://www.openwall.com/lists/oss-security/2021/01/18/2 • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27821 – QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c
https://notcve.org/view.php?id=CVE-2020-27821
08 Dec 2020 — A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. Se encontró uno fallo en la API de administración de memoria de QEMU durante la inicialización de una caché de región de memoria. • http://www.openwall.com/lists/oss-security/2020/12/16/6 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-28916 – QEMU: e1000e: infinite loop scenario in case of null packet descriptor
https://notcve.org/view.php?id=CVE-2020-28916
04 Dec 2020 — hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. El archivo hw/net/e1000e_core.c en QEMU versión 5.0.0, presenta un bucle infinito por medio de un descriptor RX con una dirección de búfer NULL An infinite loop flaw was found in the e1000e device emulator in QEMU. This issue could occur while receiving packets via the e1000e_write_packet_to_guest() routine, if the receive(RX) descriptor has a NULL buffer address. This flaw allows a privileged guest user... • http://www.openwall.com/lists/oss-security/2020/12/01/2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25624 – Ubuntu Security Notice USN-4650-1
https://notcve.org/view.php?id=CVE-2020-25624
30 Nov 2020 — hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. El archivo hw/usb/hcd-ohci.c en QEMU versión 5.0.0, presenta una lectura excesiva del búfer en la región stack de la memoria por medio de valores obtenidos desde el driver del controlador de host Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or po... • https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html • CWE-125: Out-of-bounds Read •
CVSS: 3.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25723 – QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
https://notcve.org/view.php?id=CVE-2020-25723
30 Nov 2020 — A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de aserción alcanzable en el código de emulación USB EHCI de QEMU. Podría ocurrir mientras se procesan las peticiones USB debido a una falta de... • http://www.openwall.com/lists/oss-security/2020/12/22/1 • CWE-617: Reachable Assertion •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-17380 – Ubuntu Security Notice USN-4650-1
https://notcve.org/view.php?id=CVE-2020-17380
30 Nov 2020 — A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. Se encontró un desbordamiento del búfer en la región heap de la memoria en... • http://www.openwall.com/lists/oss-security/2021/03/09/1 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27617 – QEMU: net: an assert failure via eth_get_gso_type
https://notcve.org/view.php?id=CVE-2020-27617
06 Nov 2020 — eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. La función eth_get_gso_type en el archivo net/eth.c en QEMU versión 4.2.1, permite a usuarios de OS invitados desencadenar un error de aserción. Un invitado puede bloquear el proceso de QEMU por medio de paquetes de datos que carecen de un protocolo de Capa 3 válido An assert(3) failure flaw was found in the networking... • http://www.openwall.com/lists/oss-security/2020/11/02/1 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27616 – Ubuntu Security Notice USN-4650-1
https://notcve.org/view.php?id=CVE-2020-27616
06 Nov 2020 — ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. La función ati_2d_blt en el archivo hw/display/ati_2d.c en QEMU versión 4.2.1, puede encontrar una situación fuera de límites en un cálculo. Un invitado puede bloquear el proceso QEMU Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial ... • http://www.openwall.com/lists/oss-security/2020/11/03/2 • CWE-682: Incorrect Calculation •