Page 9 of 351 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. Se encontró un desbordamiento del búfer de pila en el emulador de disquete de QEMU versiones hasta 6.0.0 (incluyéndola). Podría ocurrir en la función fdctrl_transfer_handler() en el archivo hw/block/fdc.c mientras son procesados transferencias de datos de lectura DMA desde la unidad de disquete al sistema invitado. • https://bugzilla.redhat.com/show_bug.cgi?id=1951118 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210528-0005 https://access.redhat.com/security/cve/CVE-2021-3507 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de acceso al búfer de pila fuera de límites en el emulador ARM Generic Interrupt Controller de QEMU hasta e incluyendo qemu versión 4.2.0 en la plataforma aarch64. • http://www.openwall.com/lists/oss-security/2021/02/05/1 https://bugzilla.redhat.com/show_bug.cgi?id=1924601 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210708-0005 https://access.redhat.com/security/cve/CVE-2021-20221 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756. Se ha detectado que la actualización para el módulo virt:rhel en la fe de erratas RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) publicada como parte de Red Hat Enterprise Linux versión 8.3, no incluía la corrección del problema del componente qemu-kvm CVE-2020-10756, que fue corregido previamente en virt:rhel/qemu-kvm por medio de la fe de erratas RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 fue asignado a esa regresión de seguridad específica de Red Hat. • https://access.redhat.com/security/cve/CVE-2020-10756 https://bugzilla.redhat.com/show_bug.cgi?id=1944075 https://security.netapp.com/advisory/ntap-20220519-0003 https://access.redhat.com/security/cve/CVE-2021-20295 • CWE-125: Out-of-bounds Read •

CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this. Se detectó que el parche para CVE-2020-17380/CVE-2020-25085 era ineficaz, por lo que QEMU era vulnerable a problemas de acceso de lectura y escritura fuera de límites que se encontraban anteriormente en el código de emulación del controlador SDHCI. Este fallo permite a un invitado privilegiado malicioso bloquear el proceso QEMU en el host, resultando en una denegación de servicio o una posible ejecución de código. • https://bugzilla.redhat.com/show_bug.cgi?id=1928146 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210507-0001 https://www.openwall.com/lists/oss-security/2021/03/09/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 1

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected. Se encontró un fallo de uso de la memoria previamente liberada en el emulador MegaRAID de QEMU. • https://bugs.launchpad.net/qemu/+bug/1914236 https://bugzilla.redhat.com/show_bug.cgi?id=1924042 https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210507-0001 • CWE-416: Use After Free •