
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Oct 2020 — An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1847584 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVSS: 3.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2020 — pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference

CVSS: 3.2 • EPSS: 0% • CPEs: 5 • EXPL: 0

06 Oct 2020 — hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference

CVSS: 3.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Oct 2020 — fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. • http://www.openwall.com/lists/oss-security/2020/09/29/1 • CWE-476: NULL Pointer Dereference

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Sep 2020 — hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers wo... • http://www.openwall.com/lists/oss-security/2020/09/17/1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 5.0 • EPSS: 0% • CPEs: 3 • EXPL: 1

25 Sep 2020 — QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside ... • http://www.openwall.com/lists/oss-security/2020/09/16/6 • CWE-787: Out-of-bounds Write

CVSS: 3.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Sep 2020 — QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on... • http://www.openwall.com/lists/oss-security/2020/09/16/5 • CWE-416: Use After Free

CVSS: 5.0 • EPSS: 0% • CPEs: 15 • EXPL: 2

31 Aug 2020 — An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. • https://github.com/gejian-iscas/CVE-2020-14364 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVSS: 3.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

20 Aug 2020 — oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. ... • https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7a4ede0047a8613b0e3b72c9d351038f013dd357 • CWE-369: Divide By Zero

CVSS: 3.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

20 Aug 2020 — In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1808510 • CWE-190: Integer Overflow or Wraparound