CVSS: 3.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-16092 – QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c
https://notcve.org/view.php?id=CVE-2020-16092
11 Aug 2020 — In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. En QEMU versiones hasta 5.0.0, puede ocurrir un fallo de aserción en el procesamiento de paquetes de red. Este problema afecta a los dispositivos de red e1000e y vmxnet3. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html • CWE-617: Reachable Assertion •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15863 – Debian Security Advisory 4760-1
https://notcve.org/view.php?id=CVE-2020-15863
28 Jul 2020 — hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. El archivo hw/net/xgmac.c en el controlador Ethernet XGMAC en QEMU antes del 20/07/2020, presenta ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00024.html • CWE-787: Out-of-bounds Write •
CVSS: 3.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-15859 – QEMU: net: e1000e: use-after-free while sending packets
https://notcve.org/view.php?id=CVE-2020-15859
21 Jul 2020 — QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. QEMU versión 4.2.0, presenta un uso de la memoria previamente liberada en el archivo hw/net/e1000e_core.c porque un usuario del Sistema Operativo invitado puede activar un paquete e1000e con la dirección de datos establecida en la dirección MMIO del e1000e A use-after-free flaw was found in the INTEL 82574 NIC (e1000e) emulator of the QEMU. Th... • https://bugs.launchpad.net/qemu/+bug/1886362 • CWE-416: Use After Free •
CVSS: 2.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15469 – Ubuntu Security Notice USN-5010-1
https://notcve.org/view.php?id=CVE-2020-15469
02 Jul 2020 — In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. En QEMU versión 4.2.0, un objeto MemoryRegionOps puede carecer de métodos de devolución de llamada de lectura y escritura, conllevando a una desreferencia del puntero NULL Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Wenxiang Qian discovered that QE... • http://www.openwall.com/lists/oss-security/2020/07/02/1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2020-10761 – Gentoo Linux Security Advisory 202011-09
https://notcve.org/view.php?id=CVE-2020-10761
09 Jun 2020 — An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Se encontró un problema de fallo de aserción en el Network Block Device (NBD) en todas las versiones de QEMU anteriores a QEMU versión 5.0.1. Este fallo ocurre cu... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13791 – Gentoo Linux Security Advisory 202011-09
https://notcve.org/view.php?id=CVE-2020-13791
04 Jun 2020 — hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. El archivo hw/pci/pci.c en QEMU versión 4.2.0, permite a usuarios invitados del Sistema Operativo desencadenar un acceso fuera de límites al proporcionar una dirección cerca del final del espacio de configuración de PCI Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 5.... • https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00706.html • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13800 – Gentoo Linux Security Advisory 202011-09
https://notcve.org/view.php?id=CVE-2020-13800
04 Jun 2020 — ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. ati-vga en el archivo hw/display/ati.c en QEMU versión 4.2.0, permite a usuarios invitados del Sistema Operativo desencadenar una recursividad infinita por medio de un valor mm_index diseñado durante una llamada de ati_mm_read o ati_mm_write Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled r... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-674: Uncontrolled Recursion •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-13754 – QEMU: msix: OOB access during mmio operations may lead to DoS
https://notcve.org/view.php?id=CVE-2020-13754
02 Jun 2020 — hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. En el archivo hw/pci/msix.c en QEMU versión 4.2.0, permite a usuarios invitados del SO desencadenar un acceso fuera de límites por medio de una dirección diseñada en una operación msi-x mmio. An out-of-bounds access flaw was found in the Message Signalled Interrupt (MSI-X) device support of QEMU. This issue occurs while performing MSI-X mmio operations when a guest sent addr... • http://www.openwall.com/lists/oss-security/2020/06/01/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 2.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13659 – Debian Security Advisory 4728-1
https://notcve.org/view.php?id=CVE-2020-13659
02 Jun 2020 — address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. La función address_space_map en el archivo exec.c en QEMU versión 4.2.0, puede desencadenar una desreferencia del puntero NULL relacionada a BounceBuffer. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information.... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-476: NULL Pointer Dereference •
CVSS: 3.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13362 – Debian Security Advisory 4728-1
https://notcve.org/view.php?id=CVE-2020-13362
28 May 2020 — In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. En QEMU versión 5.0.0 y versiones anteriores, la función megasas_lookup_frame en el archivo hw/scsi/megasas.c presenta una lectura fuera de límites mediante el campo reply_queue_head desde un usuario invitado del Sistema Operativo. Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00086.html • CWE-125: Out-of-bounds Read •