Page 8 of 107 results (0.013 seconds)

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. Se ha detectado un fallo de escritura fuera de límites en la emulación del dispositivo UAS (USB Attached SCSI) de QEMU en versiones anteriores a 6.2.0-rc0. El dispositivo usa el número de flujo suministrado por el huésped sin comprobar, lo que puede conllevar a un acceso fuera de límites a los campos UASDevice-)data3 y UASDevice-)status3. • https://bugzilla.redhat.com/show_bug.cgi?id=1994640 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210923-0006 https://www.debian.org/security/2021/dsa-4980 • CWE-787: Out-of-bounds Write •

CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. Se ha encontrado un fallo en la emulación del dispositivo redirector USB de QEMU en versiones anteriores a 6.1.0-rc2. Ocurre cuando se abandonan paquetes durante una transferencia masiva desde un cliente SPICE debido a que la queue de paquetes está lleno. • https://bugzilla.redhat.com/show_bug.cgi?id=1989651 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210902-0006 https://www.debian.org/security/2021/dsa-4980 https://access.redhat.com/security/cve/CVE-2021-3682 • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en la implementación de QEMU del dispositivo RDMA paravirtual de VMWare en versiones anteriores a 6.1.0. El problema es producido mientras es manejada una escritura "PVRDMA_REG_DSRHIGH" desde el huésped y puede resultar en un fallo de QEMU o causar un comportamiento no definido debido a un acceso de un puntero no inicializado. • https://bugzilla.redhat.com/show_bug.cgi?id=1973383 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220318-0002 • CWE-824: Access of Uninitialized Pointer •

CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1930087 https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220425-0003 https://www.openwall.com/lists/oss-security/2021/02/25/2 https://access.redhat.com/security/cve/CVE-2021-20257 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Se encontró un problema de división por cero en la función dwc2_handle_packet en el archivo hw/usb/hcd-dwc2.c en la emulación del controlador de host USB hcd-dwc2 de QEMU. Un huésped malicioso podría utilizar este fallo para bloquear el proceso de QEMU en el host, resultando en una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1890653 https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=bea2a9e3e00b275dc40cfa09c760c715b8753e03 https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html https://security.netapp.com/advisory/ntap-20210720-0010 https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1770368.html • CWE-369: Divide By Zero •