CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27661
https://notcve.org/view.php?id=CVE-2020-27661
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de división por cero en la función dwc2_handle_packet en el archivo hw/usb/hcd-dwc2.c en la emulación del controlador de host USB hcd-dwc2 de QEMU. Un huésped malicioso podría utilizar este fallo para bloquear el proceso de QEMU en el host, resultando en una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1890653 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03 https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html https://security.netapp.com/advisory/ntap-20210720-0010 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html • CWE-369: Divide By Zero •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3546
https://notcve.org/view.php?id=CVE-2021-3546
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. Se ha encontrado una vulnerabilidad de escritura fuera de límites en el dispositivo GPU virtio vhost-user (vhost-user-gpu) de QEMU en las versiones hasta la 6.0 inclusive. El fallo se produce al procesar el comando 'VIRTIO_GPU_CMD_GET_CAPSET' del huésped. • http://www.openwall.com/lists/oss-security/2021/05/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=1958978 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210720-0008 https://www.debian.org/security/2021/dsa-4980 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3545
https://notcve.org/view.php?id=CVE-2021-3545
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host. Se ha encontrado una vulnerabilidad de divulgación de información en el dispositivo GPU virtio vhost-user (vhost-user-gpu) de QEMU en las versiones hasta 6.0 incluyéndola. El fallo se presenta en la función virgl_cmd_get_capset_info() en el archivo contrib/vhost-user-gpu/virgl.c y podría ocurrir debido a una lectura de memoria no inicializada. • http://www.openwall.com/lists/oss-security/2021/05/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=1958955 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210720-0008 https://www.debian.org/security/2021/dsa-4980 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3544
https://notcve.org/view.php?id=CVE-2021-3544
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. Se han encontrado varias pérdidas de memoria en el dispositivo virtio vhost-user GPU (vhost-user-gpu) de QEMU en las versiones hasta la 6.0 incluyéndola. Se presentan en los archivos contrib/vhost-user-gpu/vhost-user-gpu.c y contrib/vhost-user-gpu/virgl.c debido a la liberación inapropiada de la memoria (es decir, libre) después del tiempo de vida efectivo • http://www.openwall.com/lists/oss-security/2021/05/31/1 https://bugzilla.redhat.com/show_bug.cgi?id=1958935 https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210720-0008 https://www.debian.org/security/2021/dsa-4980 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35503
https://notcve.org/view.php?id=CVE-2020-35503
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia del puntero NULL en la emulación megasas-gen2 SCSI host bus adapter de QEMU en versiones anteriores a 6.0 incluyéndola. • https://bugzilla.redhat.com/show_bug.cgi?id=1910346 https://security.netapp.com/advisory/ntap-20210720-0008 • CWE-476: NULL Pointer Dereference •