Vulnerabilites related to qemu - qemu
Vulnerability from fkie_nvd
Published
2007-10-30 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://osvdb.org/42986Broken Link
cve@mitre.orghttp://secunia.com/advisories/25073Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/25095Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/27486Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/29129Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/33568Third Party Advisory
cve@mitre.orghttp://taviso.decsystem.org/virtsec.pdfTechnical Description, Third Party Advisory
cve@mitre.orghttp://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1284Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/23731Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1597Third Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38238Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42986Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25073Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27486Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29129Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33568Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://taviso.decsystem.org/virtsec.pdfTechnical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1284Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23731Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1597Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/38238Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
qemu qemu 0.8.2
debian debian_linux 3.1
debian debian_linux 4.0
opensuse opensuse 11.0
opensuse opensuse 11.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 \"mtu\" heap overflow.  NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the mtu overflow vulnerability."
    },
    {
      "lang": "es",
      "value": "El emulador NE2000 en QEMU 0.8.2 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la escritura de la estructura ethernet con un tama\u00f1o mayor que el MTU en el registro EN0_TCNT, lo cual dispara un desbordamiento de b\u00fafer basado en pila en la libreria slirp, tambi\u00e9n conocida como desbordamiento de pila NE2000 \"mtu\". NOTA: algunas fuentes han utilizado CVE-2007-1321 para referenciar este asunto como una parte de \"el controlado de red NE2000 y el c\u00f3digo de conexi\u00f3n,\" pero este es el indentificador correcto para la vulnerabilidad de desbordamiento de mtu."
    }
  ],
  "id": "CVE-2007-5729",
  "lastModified": "2024-11-21T00:38:33.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-30T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/42986"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33568"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/42986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/33568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.",
      "lastModified": "2007-11-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-10-05 16:59
Modified
2024-11-21 02:58
Summary
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 2.9.0
qemu qemu 2.9.0
qemu qemu 2.9.0
qemu qemu 2.9.0
qemu qemu 2.9.0
qemu qemu 2.9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "9F615830-8EC7-41C0-9A77-6C7D4E718429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "15D5C1F9-C3B4-4733-8782-0E54AE543C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "286D3DE9-9796-42AE-88E1-F6E04BF8B449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B54248FC-FD5C-445E-BD8F-886D9D8736D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "89FB8D92-4A3A-4B52-93B0-6F809D313C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "06A8F83F-3551-4F3B-A0C9-EE6B8BA5436A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n imx_fec_do_tx function in hw/net/imx_fec.c en QEMU (tambi\u00e9n conocido como Quick Emulator) no limita adecuadamente el recuento del descriptor de b\u00fafer cuando trasmite paquetes, lo que permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de vectores relacionados con un descriptor de b\u00fafer con una longitud de 0 y valores manipulados en bd.flags."
    }
  ],
  "id": "CVE-2016-7907",
  "lastModified": "2024-11-21T02:58:41.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T16:59:10.070",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/03/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/03/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/03/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-11"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-08 16:29
Modified
2024-11-21 03:35
Summary
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505."
    },
    {
      "lang": "es",
      "value": "QEMU (tambi\u00e9n conocido como Quick Emulator), cuando se integra con soporte USB OHCI Emulation, permite que usuarios invitados locales del sistema operativo provoquen una denegaci\u00f3n de servicio (bucle infinito) aprovechando un valor de retorno incorrecto."
    }
  ],
  "id": "CVE-2017-9330",
  "lastModified": "2024-11-21T03:35:50.773",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-08T16:29:00.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3920"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/06/01/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98779"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201706-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/06/01/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201706-03"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        },
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-10-30 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
References
cve@mitre.orghttp://osvdb.org/42985Broken Link
cve@mitre.orghttp://secunia.com/advisories/25073Third Party Advisory, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/25095Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/27486Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/29129Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/29963Third Party Advisory
cve@mitre.orghttp://taviso.decsystem.org/virtsec.pdfTechnical Description, Third Party Advisory
cve@mitre.orghttp://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2007/dsa-1284Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0194.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/23731Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1597Third Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38239Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42985Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25073Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25095Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27486Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29129Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29963Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://taviso.decsystem.org/virtsec.pdfTechnical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1284Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0194.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23731Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1597Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/38239Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu 0.8.2
xen xen *
debian debian_linux 3.1
debian debian_linux 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the \"net socket listen\" option, aka QEMU \"net socket\" heap overflow.  NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the individual net socket listen vulnerability."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en QEMU versi\u00f3n 0.8.2, como es usado en Xen y posiblemente otros productos, permite a usuarios locales ejecutar c\u00f3digo arbitrario por medio de datos dise\u00f1ados en la opci\u00f3n \"net socket listen\", tambi\u00e9n se conoce como desbordamiento de pila \"net socket\" de QEMU. NOTA: algunas fuentes han usado el CVE-2007-1321 para referirse a este problema como parte de \"NE2000 network driver and the socket code\u201d, pero este es el identificador correcto para la vulnerabilidad de escucha de socket de red individual."
    }
  ],
  "id": "CVE-2007-5730",
  "lastModified": "2024-11-21T00:38:34.023",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-30T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/42985"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29963"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/42985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5729\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2007-11-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-23 20:15
Modified
2024-11-21 02:33
Summary
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/08/06/3Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/08/06/5Exploit, Mailing List, Third Party Advisory
secalert@redhat.comhttps://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295Patch, Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.htmlMailing List, Patch, Third Party Advisory
secalert@redhat.comhttps://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/08/06/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/08/06/5Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.htmlMailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
fedoraproject fedora 21
fedoraproject fedora 22
fedoraproject fedora 23
arista eos 4.12
arista eos 4.13
arista eos 4.14
arista eos 4.15



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2047404E-2637-46D0-980C-ABEE8D3453C4",
              "versionEndExcluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en la funci\u00f3n send_control_msg en el archivo hw/char/virtio-serial-bus.c en QEMU versiones anteriores a 2.4.0, permite a usuarios invitados causar una denegaci\u00f3n de servicio (bloqueo del proceso de QEMU) por medio de un mensaje de control de virtio dise\u00f1ado."
    }
  ],
  "id": "CVE-2015-5745",
  "lastModified": "2024-11-21T02:33:45.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-23T20:15:12.090",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/06/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/06/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/06/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/06/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-16 18:29
Modified
2024-11-21 03:14
Summary
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2017/10/12/16Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/101262Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3368Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3369Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3466Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3470Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3471Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3472Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3473Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3474Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:0516Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1501290Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlThird Party Advisory
cve@mitre.orghttps://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.htmlMailing List, Patch, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3575-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2018/dsa-4213Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/10/12/16Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101262Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3368Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3369Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3466Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3470Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3471Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3472Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3473Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3474Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0516Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1501290Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.htmlMailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3575-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4213Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE828526-81EF-4807-8E73-E0FC56034D8B",
              "versionEndIncluding": "2.10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation."
    },
    {
      "lang": "es",
      "value": "Las funciones de escritura mode4and5 en hw/display/cirrus_vga.c en Qemu permiten que usuarios del sistema operativo invitados con privilegios provoquen una denegaci\u00f3n de servicio (acceso de lectura fuera de l\u00edmites y cierre inesperado del proceso Qemu) mediante vectores relacionados con el c\u00e1lculo dst."
    }
  ],
  "id": "CVE-2017-15289",
  "lastModified": "2024-11-21T03:14:23.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-16T18:29:00.623",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101262"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3368"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3466"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3470"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3473"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3474"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0516"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4213"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:56
Summary
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/08/11/8Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/08/18/7Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/92446Third Party Advisory, VDB Entry
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201609-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/08/11/8Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/08/18/7Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92446Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201609-01Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 2.7.0
qemu qemu 2.7.0
qemu qemu 2.7.0
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CF78B06-34D3-4BF8-883B-7B9643BBA7CE",
              "versionEndIncluding": "2.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "FA78F261-DEB3-46D5-9998-106F6210755E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F121048B-9387-40C6-A919-7F9A4A847EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A102329-A5FB-4B9C-9094-BDA595807A56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n net_tx_pkt_do_sw_fragmentation en hw/net/net_tx_pkt.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de una longitud cero para la longitud del fragmento actual."
    }
  ],
  "id": "CVE-2016-6834",
  "lastModified": "2024-11-21T02:56:55.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-10T00:59:05.120",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/08/11/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/08/18/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92446"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201609-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/08/11/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/08/18/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201609-01"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-23 15:55
Modified
2024-11-21 02:07
Severity ?
Summary
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0704.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0743.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0744.html
secalert@redhat.comhttp://secunia.com/advisories/57945Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/58191
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/04/15/4
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/04/18/5
secalert@redhat.comhttp://www.securityfocus.com/bid/66932
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2182-1
secalert@redhat.comhttps://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
secalert@redhat.comhttps://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html
secalert@redhat.comhttps://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0704.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0743.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0744.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57945Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/58191
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/04/15/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/04/18/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/66932
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2182-1
af854a3a-2127-422b-91ae-364da2661108https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
af854a3a-2127-422b-91ae-364da2661108https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html
af854a3a-2127-422b-91ae-364da2661108https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 0.1.0
qemu qemu 0.1.1
qemu qemu 0.1.2
qemu qemu 0.1.3
qemu qemu 0.1.4
qemu qemu 0.1.5
qemu qemu 0.1.6
qemu qemu 0.2.0
qemu qemu 0.3.0
qemu qemu 0.4.0
qemu qemu 0.4.1
qemu qemu 0.4.2
qemu qemu 0.4.3
qemu qemu 0.5.0
qemu qemu 0.5.1
qemu qemu 0.5.2
qemu qemu 0.5.3
qemu qemu 0.5.4
qemu qemu 0.5.5
qemu qemu 0.6.0
qemu qemu 0.6.1
qemu qemu 0.7.0
qemu qemu 0.7.1
qemu qemu 0.7.2
qemu qemu 0.8.0
qemu qemu 0.8.1
qemu qemu 0.8.2
qemu qemu 0.9.0
qemu qemu 0.9.1
qemu qemu 0.9.1-5
qemu qemu 0.10.0
qemu qemu 0.10.1
qemu qemu 0.10.2
qemu qemu 0.10.3
qemu qemu 0.10.4
qemu qemu 0.10.5
qemu qemu 0.10.6
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0-rc0
qemu qemu 0.11.0-rc1
qemu qemu 0.11.0-rc2
qemu qemu 0.11.1
qemu qemu 0.12.0
qemu qemu 0.12.0
qemu qemu 0.12.0
qemu qemu 0.12.1
qemu qemu 0.12.2
qemu qemu 0.12.3
qemu qemu 0.12.4
qemu qemu 0.12.5
qemu qemu 0.13.0
qemu qemu 0.13.0
qemu qemu 0.13.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.1
qemu qemu 0.15.0
qemu qemu 0.15.0
qemu qemu 0.15.1
qemu qemu 0.15.2
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1.1
qemu qemu 1.1.2
qemu qemu 1.2.0
qemu qemu 1.2.0
qemu qemu 1.2.0
qemu qemu 1.2.0
qemu qemu 1.2.0
qemu qemu 1.2.1
qemu qemu 1.2.2
qemu qemu 1.3.0
qemu qemu 1.3.0
qemu qemu 1.3.0
qemu qemu 1.3.0
qemu qemu 1.3.1
qemu qemu 1.4.0
qemu qemu 1.4.0
qemu qemu 1.4.1
qemu qemu 1.4.2
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.1
qemu qemu 1.5.2
qemu qemu 1.5.3
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A2973F-4CDA-4B8D-8331-FD14394AB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F75C73E2-9137-4EAB-8D76-B0B22C391A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "340D614F-7B0B-4CB3-AEF3-26360FADF67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71C7DAD-86D5-4E9B-9549-C9FBD48AE22C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37E501EA-4C70-48F1-9822-5575AFAA8783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "77FCC2AD-2FDA-484B-B4A6-D842404DEE59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48D2B63-5171-45E6-BF19-DFC63FA6683D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750C948-7169-44F1-A834-AE52BFBDC701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD07B7AA-7237-44A9-B8BB-ACEC48BAFBEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD38AD65-FF40-431B-BA2C-D55A7D0737A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36233339-A9DF-4ACD-89A6-F79CB07E1568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F385658D-5D5C-49E6-8C67-FE4321CDCE1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "0A74A421-6012-4BEC-802D-7A05D20AF285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EB41C21C-B250-40D1-ADC1-B03866794417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "8162E07B-718E-41B3-B19C-A933CC1E2710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0229959-6909-482B-9446-68C9B3021510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7048A380-A251-42D7-B081-CDB38B6A27F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EA71FFE-E41F-4128-A598-EDF446D9A045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EE446FA1-FBB8-4B76-904C-F4664703BFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "80621FFA-6189-47CD-9A6A-1D5A781862AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5773C0-7714-496A-B038-9C02B99D8F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D3B9C-CE03-4F1C-BA0C-EBC406AF7A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FB5077-7D1C-4B98-998B-C65C544AD371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09EADA68-1ECE-4E1C-A569-365CF8B18133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D91661E-9274-4612-A755-A69EDB0028DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "BA54473B-120C-43F7-955C-BB2248A0BFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1FF40A15-517E-42D6-A487-4AFD36C27503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5730508B-C582-423C-9457-E7D6D68A630A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AEFDAE1D-D9AA-44E6-97B1-BD62B1FB8A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8F93D54-2943-41FC-9277-FEEFC435158F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BF6665-E3DD-4094-8CC8-3348B7A9EA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29138484-758B-4BD9-8688-8794557EACA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "628A0AB2-44C8-4A87-B564-EA8A98DD3366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EF31E3F3-27B9-45F1-A132-D43516C01DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E6CA6017-71FD-4EB0-98CE-67ABF87BA3A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D03CD41F-3E92-4070-88E2-5BE76A26F7BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "AB50F890-EE24-4470-9319-759F039A84EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D16D8476-AFFB-4D94-8E96-929AF142C981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption."
    },
    {
      "lang": "es",
      "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la funci\u00f3n cmd_smart en la autoprueba SMART en hw/ide/core.c en QEMU anterior a 2.0 permite a usuarios locales tener impacto no especificado a trav\u00e9s de un comando SMART EXECUTE OFFLINE que provoca un subdesbordamiento de buffer (buffer underflow) y corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2014-2894",
  "lastModified": "2024-11-21T02:07:09.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-23T15:55:05.157",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57945"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/58191"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/66932"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2182-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/57945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/58191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66932"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2182-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-31 10:59
Modified
2024-11-21 02:28
Severity ?
Summary
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
secalert@redhat.comhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Vendor Advisory
secalert@redhat.comhttp://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33Broken Link, Vendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1507.htmlIssue Tracking, Third Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1508.htmlIssue Tracking, Third Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1512.htmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3348Issue Tracking, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/06/25/7Mailing List
secalert@redhat.comhttp://www.securityfocus.com/bid/75273Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1032598Third Party Advisory, VDB Entry
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1229640Issue Tracking
secalert@redhat.comhttps://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201510-02Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://support.lenovo.com/product_security/qemuThird Party Advisory
secalert@redhat.comhttps://support.lenovo.com/us/en/product_security/qemuThird Party Advisory
secalert@redhat.comhttps://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13Third Party Advisory
secalert@redhat.comhttps://www.exploit-db.com/exploits/37990/Third Party Advisory, VDB Entry
secalert@redhat.comhttps://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1507.htmlIssue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1508.htmlIssue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1512.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3348Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/06/25/7Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75273Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032598Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1229640Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201510-02Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/product_security/qemuThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/qemuThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37990/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
Impacted products
Vendor Product Version
qemu qemu *
linux linux_kernel *
arista eos 4.12
arista eos 4.13
arista eos 4.14
arista eos 4.15
debian debian_linux 7.0
debian debian_linux 8.0
lenovo emc_px12-400r_ivx *
lenovo emc_px12-450r_ivx *
redhat openstack 5.0
redhat openstack 6.0
redhat virtualization 3.0
redhat enterprise_linux_compute_node_eus 7.1
redhat enterprise_linux_compute_node_eus 7.2
redhat enterprise_linux_compute_node_eus 7.3
redhat enterprise_linux_compute_node_eus 7.4
redhat enterprise_linux_compute_node_eus 7.5
redhat enterprise_linux_compute_node_eus 7.6
redhat enterprise_linux_compute_node_eus 7.7
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_power_big_endian_eus 7.1_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_update_services_for_sap_solutions 7.2
redhat enterprise_linux_server_update_services_for_sap_solutions 7.3
redhat enterprise_linux_server_update_services_for_sap_solutions 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_workstation 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1",
              "versionEndIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367A8B9-ABB9-4E4E-9A2A-85719CBE8DAC",
              "versionEndIncluding": "2.6.32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E383C6-5DB4-4D42-BC8E-70CEA527FAEF",
              "versionEndExcluding": "1.0.10.33264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "811FD71F-FC60-478B-B257-A7019AE6F88A",
              "versionEndExcluding": "1.0.10.33264",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9835B192-FE11-4FB6-B1D8-C47530A46014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F5A4C6-E90F-4B33-8B28-D57FC36E3866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E542B7-500F-4B9E-B712-886C593525E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F97AEB-F4DB-4F1F-A69C-5EF8CBBFAFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C69E57-48DE-467F-8ADD-B4601CE1611E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A9FD70-E9CA-43AF-A453-E41EAB430E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "742A198F-D40F-4B32-BB9C-C5EF5B09C3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6ED0AA-CD87-47A5-8E82-C9C7BD14F1AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5B5F9E-D749-45E5-8538-7CED9620C00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "188019BF-3700-4B3F-BFA5-553B2B545B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DF5F02-550E-41E0-86A3-862F2785270C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5F8426-5EEB-4013-BE49-8E705DA140B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C7E9628-0915-4C49-8929-F5E060A20CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C450C83-695F-4408-8B4F-0E7D6DDAE345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3707B08D-8A78-48CB-914C-33A753D13FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podr\u00eda permitir a los usuarios invitados del SO ejecutar c\u00f3digo arbitrario en el host del SO desencadenando el uso de un \u00edndice no v\u00e1lido."
    }
  ],
  "id": "CVE-2015-3214",
  "lastModified": "2024-11-21T02:28:55.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-31T10:59:07.580",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3348"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75273"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032598"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201510-02"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/qemu"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/qemu"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37990/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201510-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/qemu"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/qemu"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37990/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-16 18:59
Modified
2024-11-21 02:48
Summary
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190
secalert@redhat.comhttp://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.htmlVendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/03/02/8
secalert@redhat.comhttp://www.securityfocus.com/bid/84028
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2974-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1303106
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.htmlVendor Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201609-01
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190
af854a3a-2127-422b-91ae-364da2661108http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/03/02/8
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/84028
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2974-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1303106
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201609-01
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "585C8283-F180-4305-BFA0-B125754DFCC6",
              "versionEndIncluding": "2.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ne2000_receive en el soporte de emulaci\u00f3n NE2000 NIC (hw/net/ne2000.c) en QEMU en versiones anteriores a 2.5.1 permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de valores manipulados para los registros PSTART y PSTOP, involucrando control de anillo de buffer."
    }
  ],
  "id": "CVE-2016-2841",
  "lastModified": "2024-11-21T02:48:55.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-16T18:59:07.203",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2016/03/02/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/84028"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2974-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201609-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2016/03/02/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/84028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2974-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201609-01"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-27 19:29
Modified
2024-11-21 03:23
Summary
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
References
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2017/02/23/1Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/96417Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1205Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1206Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1441Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1856Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7
secalert@redhat.comhttps://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/02/23/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96417Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1441Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1856Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7
af854a3a-2127-422b-91ae-364da2661108https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E9188E-054F-4D32-ABB7-79F588AFB98E",
              "versionEndExcluding": "1.7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un problema de acceso a la memoria fuera de l\u00edmites en Quick Emulator (QEMU) en versiones anteriores a la 1.7.2 en el controlador de pantalla VNC. Esta vulnerabilidad podr\u00eda ocurrir mientras se refresca la superficie del display de VNC en el \"vnc_refresh_server_surface\". Un usuario dentro de un guest podr\u00eda usar esta vulnerabilidad para provocar el cierre inesperado del proceso de QEMU."
    }
  ],
  "id": "CVE-2017-2633",
  "lastModified": "2024-11-21T03:23:52.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-27T19:29:00.533",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96417"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1205"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1206"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1441"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1856"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:57
Summary
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/09/16/10Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/09/16/4Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/92996Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201609-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/09/16/10Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/09/16/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92996Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201609-01Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n virtqueue_map_desc en hw/virtio/virtio.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda del proceso QEMU) a trav\u00e9s de un gran valor de longitud de b\u00fafer descriptor de I/O."
    }
  ],
  "id": "CVE-2016-7422",
  "lastModified": "2024-11-21T02:57:58.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-10T00:59:18.687",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/16/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/16/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92996"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201609-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/16/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/16/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201609-01"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-13 16:15
Modified
2024-11-21 05:46
Summary
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 9.0
debian debian_linux 10.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "326C44E5-259C-47D1-B540-E153CD7C907C",
              "versionEndIncluding": "5.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de condici\u00f3n de carrera en la implementaci\u00f3n del servidor 9pfs de QEMU versiones hasta 5.2.0 incluy\u00e9ndola.\u0026#xa0;Este fallo permite a un cliente 9p malicioso causar un error de uso de la memoria previamente liberada, escalando potencialmente sus privilegios en el sistema.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad as\u00ed como la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-20181",
  "lastModified": "2024-11-21T05:46:04.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-13T16:15:07.653",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210720-0009/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210720-0009/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-13 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.htmlThird Party Advisory
secalert@redhat.comhttp://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.htmlPatch, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-04/msg00051.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-04/msg00052.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0599.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0608.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0609.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0610.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0639.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55082Third Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201309-24.xmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2607Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2608Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2619Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/12/30/1Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/57420Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1692-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=889301Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0599.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0608.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0609.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0610.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0639.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55082Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201309-24.xmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2607Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2608Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2619Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/12/30/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57420Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1692-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=889301Issue Tracking, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E663E62-0A5F-4B37-B629-51EE53A5FDCD",
              "versionEndExcluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
              "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la funci\u00f3n e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE est\u00e1n deshabilitadas, permiten ataques remotos que provocan una denegaci\u00f3n de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2012-6075",
  "lastModified": "2024-11-21T01:45:46.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-13T01:55:03.027",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2607"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2608"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2619"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57420"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1692-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/55082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/57420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-1692-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-09 22:59
Modified
2024-11-21 03:00
Summary
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/10/28/2Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/10/30/8Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/93956Third Party Advisory, VDB Entry
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201611-11Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/10/28/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/10/30/8Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93956Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201611-11Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0
opensuse leap 42.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de entero en las funciones (1) v9fs_xattr_read y (2) v9fs_xattr_write en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permiten a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso QEMU) mediante un desplazamiento manipulado, lo que desencadena un acceso fuera de los l\u00edmites."
    }
  ],
  "id": "CVE-2016-9104",
  "lastModified": "2024-11-21T03:00:36.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-09T22:59:10.593",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/28/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/30/8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93956"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/30/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-11"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-06 16:29
Modified
2024-11-21 03:36
Summary
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
References
cve@mitre.orghttp://www.debian.org/security/2017/dsa-3925Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2017/06/12/1Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/99011Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:1681Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:1682Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
cve@mitre.orghttps://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.htmlPatch, Third Party Advisory
cve@mitre.orghttps://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3925Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/06/12/1Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99011Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1681Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1682Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912",
              "versionEndIncluding": "2.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function."
    },
    {
      "lang": "es",
      "value": "El servidor qemu-nbd en QEMU (tambi\u00e9n se conoce como Quick Emulator), cuando se ensambl\u00f3 con el soporte del servidor Network Block Device (NBD), permite a los atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y fallo del servidor) aprovechando el fallo para garantizar que toda la inicializaci\u00f3n ocurre antes de hablar con un cliente en la funci\u00f3n nbd_negotiate."
    }
  ],
  "id": "CVE-2017-9524",
  "lastModified": "2024-11-21T03:36:19.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-06T16:29:00.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3925"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/06/12/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99011"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1681"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1682"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/06/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-02 20:15
Modified
2024-11-21 05:05
Summary
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 9.0
debian debian_linux 10.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F3096A-D0CB-496D-A4B0-F5D495F93EF6",
              "versionEndIncluding": "5.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference."
    },
    {
      "lang": "es",
      "value": "En QEMU versi\u00f3n 4.2.0, un objeto MemoryRegionOps puede carecer de m\u00e9todos de devoluci\u00f3n de llamada de lectura y escritura, conllevando a una desreferencia del puntero NULL"
    }
  ],
  "id": "CVE-2020-15469",
  "lastModified": "2024-11-21T05:05:34.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-02T20:15:11.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/07/02/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/07/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 02:01
Summary
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0420.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0421.htmlThird Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1079240Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://www.vulnerabilitycenter.com/#%21vul=44767
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0420.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0421.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1079240Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vulnerabilitycenter.com/#%21vul=44767



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C21D4E-49B0-4DED-99BA-DBE313C548BC",
              "versionEndExcluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0D1C568-6B3A-4F73-977E-DAA981736120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process."
    },
    {
      "lang": "es",
      "value": "Los controladores de bloque de QEMU versiones anteriores a 2.0.0 para CLOOP, QCOW2 versi\u00f3n 2 y varios otros formatos de imagen son vulnerables a posibles corrupciones de memoria, desbordamientos de enteros/buffer o bloqueos causados por falta de comprobaciones de entrada que podr\u00edan permitir a un usuario remoto ejecutar c\u00f3digo arbitrario en el host con los privilegios del proceso QEMU"
    }
  ],
  "id": "CVE-2014-0144",
  "lastModified": "2024-11-21T02:01:28.347",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-29T03:15:11.087",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.vulnerabilitycenter.com/#%21vul=44767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.vulnerabilitycenter.com/#%21vul=44767"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-29 22:59
Modified
2024-11-21 02:39
Summary
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b
secalert@redhat.comhttp://www.debian.org/security/2016/dsa-3471Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/01/04/3Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/01/04/6Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/79821Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1034576Third Party Advisory, VDB Entry
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1270871Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201602-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3471Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/01/04/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/01/04/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/79821Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034576Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1270871Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201602-01Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CDD0AC9-F6E4-47B3-A0E9-C1E7D7F8837F",
              "versionEndIncluding": "2.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS."
    },
    {
      "lang": "es",
      "value": "QEMU (tambi\u00e9n conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de ca\u00edda. Ocurre cuando un invitado env\u00eda un paquete Layer-2 m\u00e1s peque\u00f1o que 22 bytes. Un usuario invitado privilegiado (CAP_SYS_RAWIO) podr\u00eda usar esta falla para bloquear la instancia de proceso QEMU resultando en DoS."
    }
  ],
  "id": "CVE-2015-8744",
  "lastModified": "2024-11-21T02:39:05.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-29T22:59:00.230",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3471"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/01/04/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/01/04/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/79821"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034576"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270871"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201602-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/01/04/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/01/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/79821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201602-01"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-02 15:15
Modified
2024-11-21 04:22
Summary
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "542B31BD-5767-4B33-9201-40548D1223B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack_platform:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17C9440-DF92-484F-954D-DE75F099D7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*",
              "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegaci\u00f3n de servicio (derivaci\u00f3n de NULL) cuando el encabezado del comando \"ad-)cur_cmd\" es null"
    }
  ],
  "id": "CVE-2019-12067",
  "lastModified": "2024-11-21T04:22:10.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-02T15:15:07.680",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210727-0001/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-02-19 14:29
Modified
2024-11-21 04:42
Summary
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html
secalert@redhat.comhttp://www.securityfocus.com/bid/107059Third Party Advisory, VDB Entry
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
secalert@redhat.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
secalert@redhat.comhttps://seclists.org/bugtraq/2019/May/76
secalert@redhat.comhttps://usn.ubuntu.com/3923-1/Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2019/dsa-4454
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107059Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/May/76
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3923-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4454
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "801F5492-704C-4941-B434-627286BD70B4",
              "versionEndIncluding": "3.1.0",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host."
    },
    {
      "lang": "es",
      "value": "QEMU, hasta la versi\u00f3n 2.10 y la 3.1.0, es vulnerable a una lectura fuera de l\u00edmites de hasta 128 bytes en la funci\u00f3n hw/i2c/i2c-ddc.c:i2c_ddc(). Un atacante local con permisos para ejecutar comandos i2c podr\u00eda aprovechar este hecho para leer la memoria de pila del proceso qemu en el host."
    }
  ],
  "id": "CVE-2019-3812",
  "lastModified": "2024-11-21T04:42:35.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-19T14:29:00.193",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107059"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://seclists.org/bugtraq/2019/May/76"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3923-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2019/dsa-4454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://seclists.org/bugtraq/2019/May/76"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3923-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2019/dsa-4454"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-02 19:29
Modified
2024-11-21 03:07
Summary
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
References
cve@mitre.orghttp://www.debian.org/security/2017/dsa-3925Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2017/07/17/4Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/99895Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3369Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3466Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3470Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3471Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3472Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3473Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:3474Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1471638Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.htmlMailing List, Patch, Vendor Advisory
cve@mitre.orghttps://usn.ubuntu.com/3575-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2017/dsa-3925Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/07/17/4Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99895Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3369Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3466Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3470Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3471Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3472Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3473Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3474Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1471638Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.htmlMailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3575-1/Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912",
              "versionEndIncluding": "2.9.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n address_space_write_continue en exec.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a los usuarios invitado locales con privilegios del sistema operativo provocar una denegaci\u00f3n de servicio (acceso fuera de los l\u00edmites y detenci\u00f3n de las instancias de la cuenta de invitado) usando qemu_map_ram_ptr para acceder al \u00e1rea del bloque de memoria ram del invitado."
    }
  ],
  "id": "CVE-2017-11334",
  "lastModified": "2024-11-21T03:07:35.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-02T19:29:00.710",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3925"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/07/17/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99895"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3466"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3470"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3473"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3474"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/07/17/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3575-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-11-04 21:59
Modified
2024-11-21 02:59
Summary
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/10/10/13Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/10/10/7Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/93473Third Party Advisory, VDB Entry
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201611-11Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/10/10/13Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/10/10/7Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93473Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201611-11Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0
opensuse leap 42.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation."
    },
    {
      "lang": "es",
      "value": "Fuga de memoria en la funci\u00f3n v9fs_read en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores relacionados con una operaci\u00f3n de lectura I/O."
    }
  ],
  "id": "CVE-2016-8577",
  "lastModified": "2024-11-21T02:59:36.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-04T21:59:01.520",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/10/13"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/10/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93473"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/10/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/10/10/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-11"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-27 21:29
Modified
2024-11-21 03:01
Summary
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
References
secalert@redhat.comhttp://www.securityfocus.com/bid/96893Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1038023Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0980Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0981Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0982Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0983Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0984Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0985Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0987Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:0988Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1205Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1206Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:1441Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/02/msg00005.htmlThird Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
secalert@redhat.comhttps://security.gentoo.org/glsa/201706-03Third Party Advisory
secalert@redhat.comhttps://support.citrix.com/article/CTX221578Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96893Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038023Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0980Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0981Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0982Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0983Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0984Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0985Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0987Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0988Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1205Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1206Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1441Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/02/msg00005.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201706-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX221578Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "296F09E2-48CC-4B5F-BE4F-04760D389E39",
              "versionEndExcluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DBCF6643-ACDE-4DDB-8B01-D952DDF8951E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5647AEA-DCE6-4950-A7EB-05465ECDDE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process."
    },
    {
      "lang": "es",
      "value": "Se ha detectado una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el soporte del controlador de pantalla VNC del emulador Cirrus CLGD 54xx VGA de QEMU en versiones anteriores a la 2.9. El problema pod\u00eda ocurrir cuando un cliente VNC intentaba actualizar su pantalla despu\u00e9s de que un invitado realizara una operaci\u00f3n VGA. Un usuario/proceso privilegiado dentro de un guest podr\u00eda usar esta vulnerabilidad para provocar que el proceso de QEMU se cierre inesperadamente o, potencialmente, ejecutar c\u00f3digo arbitrario en el host con privilegios del proceso de QEMU."
    }
  ],
  "id": "CVE-2016-9603",
  "lastModified": "2024-11-21T03:01:29.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 3.7,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-27T21:29:00.290",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96893"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038023"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0980"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0981"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0982"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0983"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0984"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0985"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0987"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0988"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1205"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1206"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1441"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201706-03"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX221578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201706-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX221578"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References
cve@mitre.orghttp://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
cve@mitre.orghttp://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
cve@mitre.orghttp://secunia.com/advisories/33568
cve@mitre.orghttp://secunia.com/advisories/34642
cve@mitre.orghttp://secunia.com/advisories/35062
cve@mitre.orghttp://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
cve@mitre.orghttp://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
cve@mitre.orghttp://www.securityfocus.com/bid/33020
cve@mitre.orghttp://www.ubuntu.com/usn/usn-776-1
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/47683
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33568
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34642
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35062
af854a3a-2127-422b-91ae-364da2661108http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
af854a3a-2127-422b-91ae-364da2661108http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33020
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-776-1
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
Impacted products
Vendor Product Version
qemu qemu 0.9.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended."
    },
    {
      "lang": "es",
      "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en monitor.c en Qemu 0.9.1 podr\u00eda facilitar a atacantes remotos adivinar la contrase\u00f1a VNC, que est\u00e1 limitada a siete caracteres cuando se habr\u00edan previsto ocho."
    }
  ],
  "id": "CVE-2008-5714",
  "lastModified": "2024-11-21T00:54:43.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-24T18:29:15.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33568"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33020"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-776-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-776-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.",
      "lastModified": "2009-02-26T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-04 17:55
Modified
2024-11-21 01:55
Severity ?
Summary
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
References
secalert@redhat.comhttp://article.gmane.org/gmane.comp.emulators.qemu/237191Broken Link
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://osvdb.org/98028Broken Link
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1553.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1754.htmlThird Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/10/02/2Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/62773Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2092-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://article.gmane.org/gmane.comp.emulators.qemu/237191Broken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/98028Broken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1553.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1754.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/10/02/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62773Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2092-1Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12706271-F21F-4DB9-9084-9CFD925DA763",
              "versionEndIncluding": "1.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la implementaci\u00f3n SCSI de QEMU, tal como es usado en Xen, cuando un controlador SCSI tiene m\u00e1s de 256 dispositivos adjuntos, permite a usuarios locales obtener privilegios a trav\u00e9s de un buffer de peque\u00f1a transferencia en un comando REPORT LUNS."
    }
  ],
  "id": "CVE-2013-4344",
  "lastModified": "2024-11-21T01:55:23.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-04T17:55:09.913",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/98028"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62773"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2092-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/98028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/10/02/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2092-1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-23 20:15
Modified
2024-11-21 02:32
Summary
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/09/15/2Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2745-1Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.htmlMailing List, Patch, Third Party Advisory
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/09/15/2Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2745-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.htmlMailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14Third Party Advisory
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDB883F-B428-47EF-AAB3-BD647220C91A",
              "versionEndExcluding": "2.4.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ne2000_receive en el archivo hw/net/ne2000.c en QEMU versiones anteriores a 2.4.0.1, permite a atacantes causar una denegaci\u00f3n de servicio (bucle infinito y bloqueo de instancia) o posiblemente ejecutar c\u00f3digo arbitrario mediante vectores relacionados a la recepci\u00f3n de paquetes."
    }
  ],
  "id": "CVE-2015-5278",
  "lastModified": "2024-11-21T02:32:42.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-23T20:15:11.967",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2745-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2745-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-12-20 23:29
Modified
2024-11-21 04:01
Summary
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34A3C97E-3E60-462F-B5D0-E5664277AC66",
              "versionEndIncluding": "3.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference)."
    },
    {
      "lang": "es",
      "value": "hw/rdma/vmw/pvrdma_main.c en QEMU no implementa una operaci\u00f3n de lectura (como uar_read por analog\u00eda con uar_write), lo que permite que los atacantes provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL)."
    }
  ],
  "id": "CVE-2018-20191",
  "lastModified": "2024-11-21T04:01:03.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-20T23:29:02.223",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2018/12/18/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106276"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3923-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2018/12/18/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3923-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-04 21:55
Modified
2024-11-21 02:01
Severity ?
Summary
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
secalert@redhat.comhttp://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.htmlPatch
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3044
secalert@redhat.comhttp://www.securityfocus.com/bid/67357
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html
af854a3a-2127-422b-91ae-364da2661108http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3044
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67357
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.htmlExploit
Impacted products
Vendor Product Version
suse linux_enterprise_server 11.0
qemu qemu *
qemu qemu 0.1.0
qemu qemu 0.1.1
qemu qemu 0.1.2
qemu qemu 0.1.3
qemu qemu 0.1.4
qemu qemu 0.1.5
qemu qemu 0.1.6
qemu qemu 0.2.0
qemu qemu 0.3.0
qemu qemu 0.4.0
qemu qemu 0.4.1
qemu qemu 0.4.2
qemu qemu 0.4.3
qemu qemu 0.5.0
qemu qemu 0.5.1
qemu qemu 0.5.2
qemu qemu 0.5.3
qemu qemu 0.5.4
qemu qemu 0.5.5
qemu qemu 0.6.0
qemu qemu 0.6.1
qemu qemu 0.7.0
qemu qemu 0.7.1
qemu qemu 0.7.2
qemu qemu 0.8.0
qemu qemu 0.8.1
qemu qemu 0.8.2
qemu qemu 0.9.0
qemu qemu 0.9.1
qemu qemu 0.9.1-5
qemu qemu 0.10.0
qemu qemu 0.10.1
qemu qemu 0.10.2
qemu qemu 0.10.3
qemu qemu 0.10.4
qemu qemu 0.10.5
qemu qemu 0.10.6
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0-rc0
qemu qemu 0.11.0-rc1
qemu qemu 0.11.0-rc2
qemu qemu 0.11.1
qemu qemu 0.12.0
qemu qemu 0.12.0
qemu qemu 0.12.0
qemu qemu 0.12.1
qemu qemu 0.12.2
qemu qemu 0.12.3
qemu qemu 0.12.4
qemu qemu 0.12.5
qemu qemu 0.13.0
qemu qemu 0.13.0
qemu qemu 0.13.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.1
qemu qemu 0.15.0
qemu qemu 0.15.0
qemu qemu 0.15.1
qemu qemu 0.15.2
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.4.1
qemu qemu 1.4.2
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.1
qemu qemu 1.5.2
qemu qemu 1.5.3
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "71A5DC34-0211-4CCC-BBF1-8A8EB759BACB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A2973F-4CDA-4B8D-8331-FD14394AB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F75C73E2-9137-4EAB-8D76-B0B22C391A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "340D614F-7B0B-4CB3-AEF3-26360FADF67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71C7DAD-86D5-4E9B-9549-C9FBD48AE22C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37E501EA-4C70-48F1-9822-5575AFAA8783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "77FCC2AD-2FDA-484B-B4A6-D842404DEE59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48D2B63-5171-45E6-BF19-DFC63FA6683D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750C948-7169-44F1-A834-AE52BFBDC701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD07B7AA-7237-44A9-B8BB-ACEC48BAFBEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD38AD65-FF40-431B-BA2C-D55A7D0737A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36233339-A9DF-4ACD-89A6-F79CB07E1568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F385658D-5D5C-49E6-8C67-FE4321CDCE1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "0A74A421-6012-4BEC-802D-7A05D20AF285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EB41C21C-B250-40D1-ADC1-B03866794417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "8162E07B-718E-41B3-B19C-A933CC1E2710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0229959-6909-482B-9446-68C9B3021510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7048A380-A251-42D7-B081-CDB38B6A27F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EA71FFE-E41F-4128-A598-EDF446D9A045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EE446FA1-FBB8-4B76-904C-F4664703BFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "80621FFA-6189-47CD-9A6A-1D5A781862AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5773C0-7714-496A-B038-9C02B99D8F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D3B9C-CE03-4F1C-BA0C-EBC406AF7A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de enteros en la funci\u00f3n qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a atacantes remotos causara una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una tabla L2 grande en un imagen QCOW versi\u00f3n 1."
    }
  ],
  "id": "CVE-2014-0222",
  "lastModified": "2024-11-21T02:01:40.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-04T21:55:25.187",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3044"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/67357"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-08-04 14:15
Modified
2024-11-21 08:34
Summary
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 8.1.0
qemu qemu 8.1.0
qemu qemu 8.1.0
fedoraproject fedora 38



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "423C1B29-97E6-4574-84B0-1F68F1A65DAF",
              "versionEndExcluding": "8.1.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "2F730D08-43CC-4FFC-9C37-42C1D69518E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D61909EC-7FFA-4600-86F9-E9AA303D2A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "8414D556-72A7-4082-AB77-5ADE46A31179",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla de lectura de memoria fuera de los l\u00edmites en el dispositivo nvme virtual en QEMU. El proceso QEMU no valida un desplazamiento proporcionado por el invitado antes de calcular un puntero de la memoria del host, que se utiliza para copiar datos al invitado. Se puede revelar memoria arbitraria en relaci\u00f3n con un b\u00fafer asignado."
    }
  ],
  "id": "CVE-2023-4135",
  "lastModified": "2024-11-21T08:34:27.810",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-04T14:15:12.173",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-4135"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-4135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-09 21:29
Modified
2024-11-21 03:14
Summary
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
Impacted products
Vendor Product Version
qemu qemu *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D424025B-4108-494F-9F84-492EF5B4B5E5",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que la implementaci\u00f3n del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignaci\u00f3n de memoria sin enlazar, ya que no limit\u00f3 las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. Un cliente VCN malicioso remoto podr\u00eda emplear este fallo para provocar DoS en el host del servidor."
    }
  ],
  "id": "CVE-2017-15124",
  "lastModified": "2024-11-21T03:14:07.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-09T21:29:00.343",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/102295"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:0816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:1113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:3062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/3575-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-03-15 15:59
Modified
2024-11-21 02:43
Summary
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
References
cve@mitre.orghttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2017/01/20/14Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2017/01/21/4Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/95770Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201702-28Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/01/20/14Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2017/01/21/4Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/95770Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201702-28Third Party Advisory
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909",
              "versionEndIncluding": "2.8.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations."
    },
    {
      "lang": "es",
      "value": "P\u00e9rdida de memoria en hw/watchdog/wdt_i6300esb.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a usuarios locales privilegiados locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de memoria del host y ca\u00edda del proceso QEMU) a trav\u00e9s de un gran n\u00famero de operaciones de desenchufado del dispositivo."
    }
  ],
  "id": "CVE-2016-10155",
  "lastModified": "2024-11-21T02:43:25.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-15T15:59:00.170",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/01/20/14"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/01/21/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95770"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201702-28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/01/20/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/01/21/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201702-28"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-11-02 22:29
Modified
2024-11-21 03:53
Summary
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 3.1.0
qemu qemu 3.1.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AFB9CD-95CF-4552-A8C1-1B4F496925B6",
              "versionEndIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "C726BD36-EA1B-4260-ABCD-29587B584058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "58E67452-3056-42CF-A6A0-EFB854366642",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un problema de acceso fuera de l\u00edmites al b\u00fafer de memoria din\u00e1mica (heap) r/w en la emulaci\u00f3n NVM Express Controller en QEMU. Podr\u00eda ocurrir en las rutinas nvme_cmb_ops en el dispositivo nvme. Un proceso/usuario invitado podr\u00eda emplear este error para provocar el cierre inesperado del proceso QEMU, lo que resulta en una denegaci\u00f3n de servicio (DoS) o en la potencial ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios del proceso QEMU."
    }
  ],
  "id": "CVE-2018-16847",
  "lastModified": "2024-11-21T03:53:26.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 5.3,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-02T22:29:00.347",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105866"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3826-1/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2018/11/02/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105866"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3826-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2018/11/02/1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:00
Summary
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F3096A-D0CB-496D-A4B0-F5D495F93EF6",
              "versionEndIncluding": "5.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service."
    },
    {
      "lang": "es",
      "value": "En QEMU versiones hasta 5.0.0, se encontr\u00f3 un desbordamiento de enteros en la implementaci\u00f3n del controlador de pantalla SM501. Este fallo ocurre en la macro COPY_AREA al manejar operaciones de escritura MMIO por medio de la devoluci\u00f3n de llamada de sm501_2d_engine_write(). Un atacante local podr\u00eda abusar de este fallo para bloquear el proceso QEMU en la funci\u00f3n sm501_2d_operation() en el archivo hw/display/sm501.c en el host, resultando en una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2020-12829",
  "lastModified": "2024-11-21T05:00:21.443",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-31T15:15:10.463",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4467-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4467-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4760"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:57
Summary
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C",
              "versionEndIncluding": "2.7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."
    },
    {
      "lang": "es",
      "value": "hw/scsi/vmw_pvscsi.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (acceso fuera de l\u00edmites o bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de un conteo de p\u00e1ginas manipuladas para anillos de descriptor."
    }
  ],
  "id": "CVE-2016-7155",
  "lastModified": "2024-11-21T02:57:36.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-10T00:59:12.263",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92772"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-12-20 21:29
Modified
2024-11-21 04:00
Summary
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34A3C97E-3E60-462F-B5D0-E5664277AC66",
              "versionEndIncluding": "3.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings."
    },
    {
      "lang": "es",
      "value": "hw/rdma/vmw/pvrdma_cmd.c en QEMU permite que los atacantes provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL o asignaci\u00f3n de memoria excesiva) en create_cq_ring o create_qp_rings."
    }
  ],
  "id": "CVE-2018-20125",
  "lastModified": "2024-11-21T04:00:54.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-20T21:29:00.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2018/12/19/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106298"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3923-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2018/12/19/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3923-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-04-13 17:59
Modified
2024-11-21 02:38
Summary
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
Impacted products
Vendor Product Version
qemu qemu *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0091D0-CCD9-4017-A266-32576814AE63",
              "versionEndIncluding": "2.5.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash)."
    },
    {
      "lang": "es",
      "value": "El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de escritura y aplicaci\u00f3n fuera de l\u00edmites)."
    }
  ],
  "id": "CVE-2015-8619",
  "lastModified": "2024-11-21T02:38:49.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-13T17:59:00.513",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3471"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/79668"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201604-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/12/23/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/79668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201604-01"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-05-21 18:55
Modified
2024-11-21 01:50
Severity ?
Summary
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
secalert@redhat.comhttp://osvdb.org/93032
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0791.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0896.html
secalert@redhat.comhttp://secunia.com/advisories/53325Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/05/06/5
secalert@redhat.comhttp://www.securityfocus.com/bid/59675
secalert@redhat.comhttp://www.securitytracker.com/id/1028521
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=956082
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/84047
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/93032
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0791.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0896.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53325Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/05/06/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/59675
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028521
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=956082
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
Impacted products
Vendor Product Version
qemu qemu 1.4.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files."
    },
    {
      "lang": "es",
      "value": "El agente qemu en en Qemu 1.4.1 y anteriores, usado por Xen, cuando se inicia en modo demonio, utiliza permisos d\u00e9biles para determinados archivos, lo que permite a usuarios locales leer y escribir sobre estos archivos."
    }
  ],
  "id": "CVE-2013-2007",
  "lastModified": "2024-11-21T01:50:51.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-05-21T18:55:02.623",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/93032"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53325"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/06/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/59675"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1028521"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/05/06/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/59675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-04 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.
Impacted products
Vendor Product Version
qemu qemu *
qemu qemu 0.1.0
qemu qemu 0.1.1
qemu qemu 0.1.2
qemu qemu 0.1.3
qemu qemu 0.1.4
qemu qemu 0.1.5
qemu qemu 0.1.6
qemu qemu 0.2.0
qemu qemu 0.3.0
qemu qemu 0.4.0
qemu qemu 0.4.1
qemu qemu 0.4.2
qemu qemu 0.4.3
qemu qemu 0.5.0
qemu qemu 0.5.1
qemu qemu 0.5.2
qemu qemu 0.5.3
qemu qemu 0.5.4
qemu qemu 0.5.5
qemu qemu 0.6.0
qemu qemu 0.6.1
qemu qemu 0.7.0
qemu qemu 0.7.1
qemu qemu 0.7.2
qemu qemu 0.8.0
qemu qemu 0.8.1
qemu qemu 0.8.2
qemu qemu 0.9.0
qemu qemu 0.9.1
qemu qemu 0.9.1-5
qemu qemu 0.10.0
qemu qemu 0.10.1
qemu qemu 0.10.2
qemu qemu 0.10.3
qemu qemu 0.10.4
qemu qemu 0.10.5
qemu qemu 0.10.6
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0
qemu qemu 0.11.0-rc0
qemu qemu 0.11.0-rc1
qemu qemu 0.11.0-rc2
qemu qemu 0.11.1
qemu qemu 0.12.0
qemu qemu 0.12.0
qemu qemu 0.12.0
qemu qemu 0.12.1
qemu qemu 0.12.2
qemu qemu 0.12.3
qemu qemu 0.12.4
qemu qemu 0.12.5
qemu qemu 0.13.0
qemu qemu 0.13.0
qemu qemu 0.13.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.0
qemu qemu 0.14.1
qemu qemu 0.15.0
qemu qemu 0.15.0
qemu qemu 0.15.1
qemu qemu 0.15.2
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0
qemu qemu 1.0.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.1
qemu qemu 1.4.1
qemu qemu 1.4.2
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.0
qemu qemu 1.5.1
qemu qemu 1.5.2
qemu qemu 1.5.3
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E",
              "versionEndIncluding": "1.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A2973F-4CDA-4B8D-8331-FD14394AB906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F75C73E2-9137-4EAB-8D76-B0B22C391A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "340D614F-7B0B-4CB3-AEF3-26360FADF67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71C7DAD-86D5-4E9B-9549-C9FBD48AE22C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "37E501EA-4C70-48F1-9822-5575AFAA8783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "77FCC2AD-2FDA-484B-B4A6-D842404DEE59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48D2B63-5171-45E6-BF19-DFC63FA6683D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7750C948-7169-44F1-A834-AE52BFBDC701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD07B7AA-7237-44A9-B8BB-ACEC48BAFBEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD38AD65-FF40-431B-BA2C-D55A7D0737A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36233339-A9DF-4ACD-89A6-F79CB07E1568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F385658D-5D5C-49E6-8C67-FE4321CDCE1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "0A74A421-6012-4BEC-802D-7A05D20AF285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EB41C21C-B250-40D1-ADC1-B03866794417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "8162E07B-718E-41B3-B19C-A933CC1E2710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A0229959-6909-482B-9446-68C9B3021510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7048A380-A251-42D7-B081-CDB38B6A27F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EA71FFE-E41F-4128-A598-EDF446D9A045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EE446FA1-FBB8-4B76-904C-F4664703BFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "80621FFA-6189-47CD-9A6A-1D5A781862AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5773C0-7714-496A-B038-9C02B99D8F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77D3B9C-CE03-4F1C-BA0C-EBC406AF7A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer en la funci\u00f3n tsc210x_load en hw/input/tsc210x.c en QEMU anterior a 1.7.2 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor (1) precision, (2) nextprecision, (3) function, o (4) nextfunction manipulado en un imagen savevm."
    }
  ],
  "id": "CVE-2013-4539",
  "lastModified": "2024-11-21T01:55:47.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-04T21:55:24.860",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:56
Summary
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.