CVE-2024-6505 – Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
https://notcve.org/view.php?id=CVE-2024-6505
A flaw was found in the virtio-net device in QEMU. When the RSS feature is enabled on the virtio-net network card, the indirections_table data within RSS becomes guest-controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
References:
https://access.redhat.com/security/cve/CVE-2024-6505
https://bugzilla.redhat.com/show_bug.cgi?id=2295760
CWE-125: Out-of-bounds Read
CVE-2024-3567 – Qemu-kvm: net: assertion failure in update_sctp_checksum()
https://notcve.org/view.php?id=CVE-2024-3567
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
References:
https://access.redhat.com/security/cve/CVE-2024-3567
https://bugzilla.redhat.com/show_bug.cgi?id=2274339
https://gitlab.com/qemu-project/qemu/-/issues/2273
CWE-617: Reachable Assertion
CVE-2023-6683 – Qemu: vnc: null pointer dereference in qemu_clipboard_request()
https://notcve.org/view.php?id=CVE-2023-6683
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() has been called and has had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
References:
https://access.redhat.com/errata/RHSA-2024:2135
https://access.redhat.com/errata/RHSA-2024:2962
https://access.redhat.com/security/cve/CVE-2023-6683
https://bugzilla.redhat.com/show_bug.cgi?id=2254825
https://security.netapp.com/advisory/ntap-20240223-0001
CWE-476: NULL Pointer Dereference
CVE-2023-6693 – Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
https://notcve.org/view.php?id=CVE-2023-6693
A stack-based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if the guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
References:
https://access.redhat.com/errata/RHSA-2024:2962
https://access.redhat.com/security/cve/CVE-2023-6693
https://bugzilla.redhat.com/show_bug.cgi?id=2254580
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y
https://security.netapp.com/advisory/ntap-20240208-0004
CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write
CVE-2023-2861 – Qemu: 9pfs: improper access control on special files
https://notcve.org/view.php?id=CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
References:
https://access.redhat.com/security/cve/CVE-2023-2861
https://bugzilla.redhat.com/show_bug.cgi?id=2219266
https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html
https://security.netapp.com/advisory/ntap-20240125-0005
https://security.netapp.com/advisory/ntap-20240229-0002
CWE-284: Improper Access Control