Vulnerabilites related to qemu - qemu
Vulnerability from fkie_nvd
Published
2007-10-30 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | 0.8.2 | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 4.0 | |
opensuse | opensuse | 11.0 | |
opensuse | opensuse | 11.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 \"mtu\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the mtu overflow vulnerability." }, { "lang": "es", "value": "El emulador NE2000 en QEMU 0.8.2 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la escritura de la estructura ethernet con un tama\u00f1o mayor que el MTU en el registro EN0_TCNT, lo cual dispara un desbordamiento de b\u00fafer basado en pila en la libreria slirp, tambi\u00e9n conocida como desbordamiento de pila NE2000 \"mtu\". NOTA: algunas fuentes han utilizado CVE-2007-1321 para referenciar este asunto como una parte de \"el controlado de red NE2000 y el c\u00f3digo de conexi\u00f3n,\" pero este es el indentificador correcto para la vulnerabilidad de desbordamiento de mtu." } ], "id": "CVE-2007-5729", "lastModified": "2024-11-21T00:38:33.857", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-30T22:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/42986" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/25073" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/25095" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27486" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29129" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/33568" }, { "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://taviso.decsystem.org/virtsec.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2007/dsa-1284" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/23731" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1597" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/42986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/25073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/25095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/33568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://taviso.decsystem.org/virtsec.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2007/dsa-1284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/23731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38238" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.", "lastModified": "2007-11-02T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-05 16:59
Modified
2024-11-21 02:58
Severity ?
Summary
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909", "versionEndIncluding": "2.8.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "9F615830-8EC7-41C0-9A77-6C7D4E718429", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "15D5C1F9-C3B4-4733-8782-0E54AE543C16", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "286D3DE9-9796-42AE-88E1-F6E04BF8B449", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B54248FC-FD5C-445E-BD8F-886D9D8736D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "89FB8D92-4A3A-4B52-93B0-6F809D313C40", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.9.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "06A8F83F-3551-4F3B-A0C9-EE6B8BA5436A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags." }, { "lang": "es", "value": "La funci\u00f3n imx_fec_do_tx function in hw/net/imx_fec.c en QEMU (tambi\u00e9n conocido como Quick Emulator) no limita adecuadamente el recuento del descriptor de b\u00fafer cuando trasmite paquetes, lo que permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de vectores relacionados con un descriptor de b\u00fafer con una longitud de 0 y valores manipulados en bd.flags." } ], "id": "CVE-2016-7907", "lastModified": "2024-11-21T02:58:41.120", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-05T16:59:10.070", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/03/1" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/03/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93274" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/03/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/03/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-11" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-08 16:29
Modified
2024-11-21 03:35
Severity ?
Summary
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909", "versionEndIncluding": "2.8.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505." }, { "lang": "es", "value": "QEMU (tambi\u00e9n conocido como Quick Emulator), cuando se integra con soporte USB OHCI Emulation, permite que usuarios invitados locales del sistema operativo provoquen una denegaci\u00f3n de servicio (bucle infinito) aprovechando un valor de retorno incorrecto." } ], "id": "CVE-2017-9330", "lastModified": "2024-11-21T03:35:50.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-08T16:29:00.607", "references": [ { "source": "cve@mitre.org", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3920" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/06/01/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98779" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201706-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/06/01/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201706-03" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-30 22:46
Modified
2024-11-21 00:38
Severity ?
Summary
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | 0.8.2 | |
xen | xen | * | |
debian | debian_linux | 3.1 | |
debian | debian_linux | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the \"net socket listen\" option, aka QEMU \"net socket\" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of \"NE2000 network driver and the socket code,\" but this is the correct identifier for the individual net socket listen vulnerability." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en QEMU versi\u00f3n 0.8.2, como es usado en Xen y posiblemente otros productos, permite a usuarios locales ejecutar c\u00f3digo arbitrario por medio de datos dise\u00f1ados en la opci\u00f3n \"net socket listen\", tambi\u00e9n se conoce como desbordamiento de pila \"net socket\" de QEMU. NOTA: algunas fuentes han usado el CVE-2007-1321 para referirse a este problema como parte de \"NE2000 network driver and the socket code\u201d, pero este es el identificador correcto para la vulnerabilidad de escucha de socket de red individual." } ], "id": "CVE-2007-5730", "lastModified": "2024-11-21T00:38:34.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-30T22:46:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/42985" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25073" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/25095" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27486" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29129" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29963" }, { "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://taviso.decsystem.org/virtsec.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2007/dsa-1284" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/23731" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1597" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/42985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/25095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/27486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29129" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "http://taviso.decsystem.org/virtsec.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2007/dsa-1284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0194.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/23731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/1597" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5729\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2007-11-02T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 20:15
Modified
2024-11-21 02:33
Severity ?
Summary
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2047404E-2637-46D0-980C-ABEE8D3453C4", "versionEndExcluding": "2.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message." }, { "lang": "es", "value": "Un desbordamiento del b\u00fafer en la funci\u00f3n send_control_msg en el archivo hw/char/virtio-serial-bus.c en QEMU versiones anteriores a 2.4.0, permite a usuarios invitados causar una denegaci\u00f3n de servicio (bloqueo del proceso de QEMU) por medio de un mensaje de control de virtio dise\u00f1ado." } ], "id": "CVE-2015-5745", "lastModified": "2024-11-21T02:33:45.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T20:15:12.090", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/06/3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/06/5" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/06/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/08/06/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-16 18:29
Modified
2024-11-21 03:14
Severity ?
Summary
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE828526-81EF-4807-8E73-E0FC56034D8B", "versionEndIncluding": "2.10.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation." }, { "lang": "es", "value": "Las funciones de escritura mode4and5 en hw/display/cirrus_vga.c en Qemu permiten que usuarios del sistema operativo invitados con privilegios provoquen una denegaci\u00f3n de servicio (acceso de lectura fuera de l\u00edmites y cierre inesperado del proceso Qemu) mediante vectores relacionados con el c\u00e1lculo dst." } ], "id": "CVE-2017-15289", "lastModified": "2024-11-21T03:14:23.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-16T18:29:00.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101262" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3368" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3466" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3470" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3471" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3472" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3473" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3474" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0516" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3575-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/10/12/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501290" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3575-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4213" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CF78B06-34D3-4BF8-883B-7B9643BBA7CE", "versionEndIncluding": "2.6.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "FA78F261-DEB3-46D5-9998-106F6210755E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F121048B-9387-40C6-A919-7F9A4A847EA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:2.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7A102329-A5FB-4B9C-9094-BDA595807A56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length." }, { "lang": "es", "value": "La funci\u00f3n net_tx_pkt_do_sw_fragmentation en hw/net/net_tx_pkt.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de una longitud cero para la longitud del fragmento actual." } ], "id": "CVE-2016-6834", "lastModified": "2024-11-21T02:56:55.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-10T00:59:05.120", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/8" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/08/18/7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92446" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201609-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/08/18/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201609-01" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-23 15:55
Modified
2024-11-21 02:07
Severity ?
Summary
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
qemu | qemu | 0.1.0 | |
qemu | qemu | 0.1.1 | |
qemu | qemu | 0.1.2 | |
qemu | qemu | 0.1.3 | |
qemu | qemu | 0.1.4 | |
qemu | qemu | 0.1.5 | |
qemu | qemu | 0.1.6 | |
qemu | qemu | 0.2.0 | |
qemu | qemu | 0.3.0 | |
qemu | qemu | 0.4.0 | |
qemu | qemu | 0.4.1 | |
qemu | qemu | 0.4.2 | |
qemu | qemu | 0.4.3 | |
qemu | qemu | 0.5.0 | |
qemu | qemu | 0.5.1 | |
qemu | qemu | 0.5.2 | |
qemu | qemu | 0.5.3 | |
qemu | qemu | 0.5.4 | |
qemu | qemu | 0.5.5 | |
qemu | qemu | 0.6.0 | |
qemu | qemu | 0.6.1 | |
qemu | qemu | 0.7.0 | |
qemu | qemu | 0.7.1 | |
qemu | qemu | 0.7.2 | |
qemu | qemu | 0.8.0 | |
qemu | qemu | 0.8.1 | |
qemu | qemu | 0.8.2 | |
qemu | qemu | 0.9.0 | |
qemu | qemu | 0.9.1 | |
qemu | qemu | 0.9.1-5 | |
qemu | qemu | 0.10.0 | |
qemu | qemu | 0.10.1 | |
qemu | qemu | 0.10.2 | |
qemu | qemu | 0.10.3 | |
qemu | qemu | 0.10.4 | |
qemu | qemu | 0.10.5 | |
qemu | qemu | 0.10.6 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0-rc0 | |
qemu | qemu | 0.11.0-rc1 | |
qemu | qemu | 0.11.0-rc2 | |
qemu | qemu | 0.11.1 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.1 | |
qemu | qemu | 0.12.2 | |
qemu | qemu | 0.12.3 | |
qemu | qemu | 0.12.4 | |
qemu | qemu | 0.12.5 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.1 | |
qemu | qemu | 0.15.0 | |
qemu | qemu | 0.15.0 | |
qemu | qemu | 0.15.1 | |
qemu | qemu | 0.15.2 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1.1 | |
qemu | qemu | 1.1.2 | |
qemu | qemu | 1.2.0 | |
qemu | qemu | 1.2.0 | |
qemu | qemu | 1.2.0 | |
qemu | qemu | 1.2.0 | |
qemu | qemu | 1.2.0 | |
qemu | qemu | 1.2.1 | |
qemu | qemu | 1.2.2 | |
qemu | qemu | 1.3.0 | |
qemu | qemu | 1.3.0 | |
qemu | qemu | 1.3.0 | |
qemu | qemu | 1.3.0 | |
qemu | qemu | 1.3.1 | |
qemu | qemu | 1.4.0 | |
qemu | qemu | 1.4.0 | |
qemu | qemu | 1.4.1 | |
qemu | qemu | 1.4.2 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.1 | |
qemu | qemu | 1.5.2 | |
qemu | qemu | 1.5.3 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.1 | |
qemu | qemu | 1.6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E", "versionEndIncluding": "1.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*", "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A2973F-4CDA-4B8D-8331-FD14394AB906", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75C73E2-9137-4EAB-8D76-B0B22C391A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*", "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "340D614F-7B0B-4CB3-AEF3-26360FADF67C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71C7DAD-86D5-4E9B-9549-C9FBD48AE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "37E501EA-4C70-48F1-9822-5575AFAA8783", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "77FCC2AD-2FDA-484B-B4A6-D842404DEE59", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B48D2B63-5171-45E6-BF19-DFC63FA6683D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7750C948-7169-44F1-A834-AE52BFBDC701", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD07B7AA-7237-44A9-B8BB-ACEC48BAFBEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD38AD65-FF40-431B-BA2C-D55A7D0737A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "36233339-A9DF-4ACD-89A6-F79CB07E1568", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "F385658D-5D5C-49E6-8C67-FE4321CDCE1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "0A74A421-6012-4BEC-802D-7A05D20AF285", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EB41C21C-B250-40D1-ADC1-B03866794417", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "8162E07B-718E-41B3-B19C-A933CC1E2710", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A0229959-6909-482B-9446-68C9B3021510", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7048A380-A251-42D7-B081-CDB38B6A27F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EA71FFE-E41F-4128-A598-EDF446D9A045", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EE446FA1-FBB8-4B76-904C-F4664703BFBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "80621FFA-6189-47CD-9A6A-1D5A781862AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E5773C0-7714-496A-B038-9C02B99D8F74", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B77D3B9C-CE03-4F1C-BA0C-EBC406AF7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1FB5077-7D1C-4B98-998B-C65C544AD371", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "09EADA68-1ECE-4E1C-A569-365CF8B18133", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D91661E-9274-4612-A755-A69EDB0028DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "BA54473B-120C-43F7-955C-BB2248A0BFF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1FF40A15-517E-42D6-A487-4AFD36C27503", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5730508B-C582-423C-9457-E7D6D68A630A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AEFDAE1D-D9AA-44E6-97B1-BD62B1FB8A67", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8F93D54-2943-41FC-9277-FEEFC435158F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B2BF6665-E3DD-4094-8CC8-3348B7A9EA20", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "29138484-758B-4BD9-8688-8794557EACA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "628A0AB2-44C8-4A87-B564-EA8A98DD3366", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EF31E3F3-27B9-45F1-A132-D43516C01DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E6CA6017-71FD-4EB0-98CE-67ABF87BA3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D03CD41F-3E92-4070-88E2-5BE76A26F7BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "AB50F890-EE24-4470-9319-759F039A84EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D16D8476-AFFB-4D94-8E96-929AF142C981", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la funci\u00f3n cmd_smart en la autoprueba SMART en hw/ide/core.c en QEMU anterior a 2.0 permite a usuarios locales tener impacto no especificado a trav\u00e9s de un comando SMART EXECUTE OFFLINE que provoca un subdesbordamiento de buffer (buffer underflow) y corrupci\u00f3n de memoria." } ], "id": "CVE-2014-2894", "lastModified": "2024-11-21T02:07:09.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-23T15:55:05.157", "references": [ { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57945" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/58191" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66932" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2182-1" }, { "source": "secalert@redhat.com", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" }, { "source": "secalert@redhat.com", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" }, { "source": "secalert@redhat.com", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0704.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/04/15/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/04/18/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2182-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-31 10:59
Modified
2024-11-21 02:28
Severity ?
Summary
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1", "versionEndIncluding": "2.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4367A8B9-ABB9-4E4E-9A2A-85719CBE8DAC", "versionEndIncluding": "2.6.32", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:*", "matchCriteriaId": "19E383C6-5DB4-4D42-BC8E-70CEA527FAEF", "versionEndExcluding": "1.0.10.33264", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:*", "matchCriteriaId": "811FD71F-FC60-478B-B257-A7019AE6F88A", "versionEndExcluding": "1.0.10.33264", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "9835B192-FE11-4FB6-B1D8-C47530A46014", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "19F5A4C6-E90F-4B33-8B28-D57FC36E3866", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "39E542B7-500F-4B9E-B712-886C593525E9", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9F97AEB-F4DB-4F1F-A69C-5EF8CBBFAFE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0C69E57-48DE-467F-8ADD-B4601CE1611E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "35A9FD70-E9CA-43AF-A453-E41EAB430E7F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "742A198F-D40F-4B32-BB9C-C5EF5B09C3E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "5B6ED0AA-CD87-47A5-8E82-C9C7BD14F1AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8E5B5F9E-D749-45E5-8538-7CED9620C00C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "188019BF-3700-4B3F-BFA5-553B2B545B7F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "55DF5F02-550E-41E0-86A3-862F2785270C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA5F8426-5EEB-4013-BE49-8E705DA140B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "8C7E9628-0915-4C49-8929-F5E060A20CBB", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5C450C83-695F-4408-8B4F-0E7D6DDAE345", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "3707B08D-8A78-48CB-914C-33A753D13FC7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index." }, { "lang": "es", "value": "Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podr\u00eda permitir a los usuarios invitados del SO ejecutar c\u00f3digo arbitrario en el host del SO desencadenando el uso de un \u00edndice no v\u00e1lido." } ], "id": "CVE-2015-3214", "lastModified": "2024-11-21T02:28:55.273", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-31T10:59:07.580", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3348" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/75273" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032598" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201510-02" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/product_security/qemu" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/qemu" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/37990/" }, { "source": "secalert@redhat.com", "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/75273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201510-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/product_security/qemu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.lenovo.com/us/en/product_security/qemu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/37990/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-06-16 18:59
Modified
2024-11-21 02:48
Severity ?
Summary
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
canonical | ubuntu_linux | 16.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "585C8283-F180-4305-BFA0-B125754DFCC6", "versionEndIncluding": "2.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control." }, { "lang": "es", "value": "La funci\u00f3n ne2000_receive en el soporte de emulaci\u00f3n NE2000 NIC (hw/net/ne2000.c) en QEMU en versiones anteriores a 2.5.1 permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de valores manipulados para los registros PSTART y PSTOP, involucrando control de anillo de buffer." } ], "id": "CVE-2016-2841", "lastModified": "2024-11-21T02:48:55.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-06-16T18:59:07.203", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/03/02/8" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/84028" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2974-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106" }, { "source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201609-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=415ab35a441eca767d033a2702223e785b9d5190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2016-03/msg00064.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/03/02/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/84028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2974-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1303106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201609-01" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-27 19:29
Modified
2024-11-21 03:23
Severity ?
5.4 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "28E9188E-054F-4D32-ABB7-79F588AFB98E", "versionEndExcluding": "1.7.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the \u0027vnc_refresh_server_surface\u0027. A user inside a guest could use this flaw to crash the QEMU process." }, { "lang": "es", "value": "Se ha encontrado un problema de acceso a la memoria fuera de l\u00edmites en Quick Emulator (QEMU) en versiones anteriores a la 1.7.2 en el controlador de pantalla VNC. Esta vulnerabilidad podr\u00eda ocurrir mientras se refresca la superficie del display de VNC en el \"vnc_refresh_server_surface\". Un usuario dentro de un guest podr\u00eda usar esta vulnerabilidad para provocar el cierre inesperado del proceso de QEMU." } ], "id": "CVE-2017-2633", "lastModified": "2024-11-21T03:23:52.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-27T19:29:00.533", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96417" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1205" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1206" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1441" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1856" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633" }, { "source": "secalert@redhat.com", "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7" }, { "source": "secalert@redhat.com", "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:57
Severity ?
Summary
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value." }, { "lang": "es", "value": "La funci\u00f3n virtqueue_map_desc en hw/virtio/virtio.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda del proceso QEMU) a trav\u00e9s de un gran valor de longitud de b\u00fafer descriptor de I/O." } ], "id": "CVE-2016-7422", "lastModified": "2024-11-21T02:57:58.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-10T00:59:18.687", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/16/10" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/16/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92996" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2392" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2408" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201609-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=973e7170dddefb491a48df5cba33b2ae151013a0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/16/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/16/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201609-01" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-05-13 16:15
Modified
2024-11-21 05:46
Severity ?
Summary
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "326C44E5-259C-47D1-B540-E153CD7C907C", "versionEndIncluding": "5.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability." }, { "lang": "es", "value": "Se encontr\u00f3 un fallo de condici\u00f3n de carrera en la implementaci\u00f3n del servidor 9pfs de QEMU versiones hasta 5.2.0 incluy\u00e9ndola.\u0026#xa0;Este fallo permite a un cliente 9p malicioso causar un error de uso de la memoria previamente liberada, escalando potencialmente sus privilegios en el sistema.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad as\u00ed como la disponibilidad del sistema" } ], "id": "CVE-2021-20181", "lastModified": "2024-11-21T05:46:04.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-05-13T16:15:07.653", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0009/" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210720-0009/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-159/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-367" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-02-13 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
fedoraproject | fedora | 16 | |
fedoraproject | fedora | 17 | |
fedoraproject | fedora | 18 | |
opensuse | opensuse | 12.1 | |
opensuse | opensuse | 12.2 | |
suse | linux_enterprise_server | 11 | |
redhat | enterprise_linux_desktop | 5.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 5.9 | |
redhat | enterprise_linux_eus | 6.4 | |
redhat | enterprise_linux_server | 5.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 5.9 | |
redhat | enterprise_linux_server_aus | 6.4 | |
redhat | enterprise_linux_workstation | 5.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | virtualization | 3.0 | |
redhat | enterprise_linux | 6.0 | |
debian | debian_linux | 6.0 | |
canonical | ubuntu_linux | 10.04 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E663E62-0A5F-4B37-B629-51EE53A5FDCD", "versionEndExcluding": "1.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "6252E88C-27FF-420D-A64A-C34124CF7E6A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet." }, { "lang": "es", "value": "Desbordamiento de buffer en la funci\u00f3n e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE est\u00e1n deshabilitadas, permiten ataques remotos que provocan una denegaci\u00f3n de servicios (errores en el sistema operativo invitado) y posiblemente ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2012-6075", "lastModified": "2024-11-21T01:45:46.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-02-13T01:55:03.027", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55082" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2607" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2608" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2619" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57420" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1692-1" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0599.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0608.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0609.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0610.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0639.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2013/dsa-2619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/57420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1692-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889301" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-09 22:59
Modified
2024-11-21 03:00
Severity ?
Summary
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de entero en las funciones (1) v9fs_xattr_read y (2) v9fs_xattr_write en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permiten a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso QEMU) mediante un desplazamiento manipulado, lo que desencadena un acceso fuera de los l\u00edmites." } ], "id": "CVE-2016-9104", "lastModified": "2024-11-21T03:00:36.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-09T22:59:10.593", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/28/2" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/30/8" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93956" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/28/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/30/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-11" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-06 16:29
Modified
2024-11-21 03:36
Severity ?
Summary
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912", "versionEndIncluding": "2.9.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function." }, { "lang": "es", "value": "El servidor qemu-nbd en QEMU (tambi\u00e9n se conoce como Quick Emulator), cuando se ensambl\u00f3 con el soporte del servidor Network Block Device (NBD), permite a los atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y fallo del servidor) aprovechando el fallo para garantizar que toda la inicializaci\u00f3n ocurre antes de hablar con un cliente en la funci\u00f3n nbd_negotiate." } ], "id": "CVE-2017-9524", "lastModified": "2024-11-21T03:36:19.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-06T16:29:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3925" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/06/12/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99011" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1681" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1682" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2408" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/06/12/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1682" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-07-02 20:15
Modified
2024-11-21 05:05
Severity ?
Summary
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F3096A-D0CB-496D-A4B0-F5D495F93EF6", "versionEndIncluding": "5.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference." }, { "lang": "es", "value": "En QEMU versi\u00f3n 4.2.0, un objeto MemoryRegionOps puede carecer de m\u00e9todos de devoluci\u00f3n de llamada de lectura y escritura, conllevando a una desreferencia del puntero NULL" } ], "id": "CVE-2020-15469", "lastModified": "2024-11-21T05:05:34.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-02T20:15:11.227", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/07/02/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/07/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-29 03:15
Modified
2024-11-21 02:01
Severity ?
Summary
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
redhat | virtualization | 3.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_eus | 6.5 | |
redhat | enterprise_linux_openstack_platform | 5 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server_aus | 6.5 | |
redhat | enterprise_linux_server_tus | 6.5 | |
redhat | enterprise_linux_workstation | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "17C21D4E-49B0-4DED-99BA-DBE313C548BC", "versionEndExcluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "569964DA-31BE-4520-A66D-C3B09D557AB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_openstack_platform:5:*:*:*:*:*:*:*", "matchCriteriaId": "C0D1C568-6B3A-4F73-977E-DAA981736120", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process." }, { "lang": "es", "value": "Los controladores de bloque de QEMU versiones anteriores a 2.0.0 para CLOOP, QCOW2 versi\u00f3n 2 y varios otros formatos de imagen son vulnerables a posibles corrupciones de memoria, desbordamientos de enteros/buffer o bloqueos causados por falta de comprobaciones de entrada que podr\u00edan permitir a un usuario remoto ejecutar c\u00f3digo arbitrario en el host con los privilegios del proceso QEMU" } ], "id": "CVE-2014-0144", "lastModified": "2024-11-21T02:01:28.347", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-29T03:15:11.087", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97" }, { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240" }, { "source": "secalert@redhat.com", "url": "https://www.vulnerabilitycenter.com/#%21vul=44767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1079240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.vulnerabilitycenter.com/#%21vul=44767" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-29 22:59
Modified
2024-11-21 02:39
Severity ?
Summary
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CDD0AC9-F6E4-47B3-A0E9-C1E7D7F8837F", "versionEndIncluding": "2.4.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS." }, { "lang": "es", "value": "QEMU (tambi\u00e9n conocido como Quick Emulator) construido con un soporte de emulador VMWARE VMXNET3 paravirtual NIC es vulnerable a un problema de ca\u00edda. Ocurre cuando un invitado env\u00eda un paquete Layer-2 m\u00e1s peque\u00f1o que 22 bytes. Un usuario invitado privilegiado (CAP_SYS_RAWIO) podr\u00eda usar esta falla para bloquear la instancia de proceso QEMU resultando en DoS." } ], "id": "CVE-2015-8744", "lastModified": "2024-11-21T02:39:05.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-29T22:59:00.230", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/04/3" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/04/6" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/79821" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034576" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270871" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201602-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/04/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/04/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/79821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1270871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201602-01" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-02 15:15
Modified
2024-11-21 04:22
Severity ?
Summary
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | - | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
fedoraproject | fedora | 30 | |
redhat | openstack_platform | 10.0 | |
redhat | openstack_platform | 14.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "542B31BD-5767-4B33-9201-40548D1223B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack_platform:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17C9440-DF92-484F-954D-DE75F099D7A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header \u0027ad-\u003ecur_cmd\u0027 is null." }, { "lang": "es", "value": "La funci\u00f3n ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegaci\u00f3n de servicio (derivaci\u00f3n de NULL) cuando el encabezado del comando \"ad-)cur_cmd\" es null" } ], "id": "CVE-2019-12067", "lastModified": "2024-11-21T04:22:10.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-02T15:15:07.680", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210727-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1145642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2019-12067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210727-0001/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-19 14:29
Modified
2024-11-21 04:42
Severity ?
4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
opensuse | leap | 42.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "801F5492-704C-4941-B434-627286BD70B4", "versionEndIncluding": "3.1.0", "versionStartIncluding": "2.10.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host." }, { "lang": "es", "value": "QEMU, hasta la versi\u00f3n 2.10 y la 3.1.0, es vulnerable a una lectura fuera de l\u00edmites de hasta 128 bytes en la funci\u00f3n hw/i2c/i2c-ddc.c:i2c_ddc(). Un atacante local con permisos para ejecutar comandos i2c podr\u00eda aprovechar este hecho para leer la memoria de pila del proceso qemu en el host." } ], "id": "CVE-2019-3812", "lastModified": "2024-11-21T04:42:35.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-19T14:29:00.193", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107059" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" }, { "source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/" }, { "source": "secalert@redhat.com", "url": "https://seclists.org/bugtraq/2019/May/76" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3923-1/" }, { "source": "secalert@redhat.com", "url": "https://www.debian.org/security/2019/dsa-4454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/107059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/May/76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3923-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2019/dsa-4454" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-02 19:29
Modified
2024-11-21 03:07
Severity ?
Summary
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912", "versionEndIncluding": "2.9.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area." }, { "lang": "es", "value": "La funci\u00f3n address_space_write_continue en exec.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a los usuarios invitado locales con privilegios del sistema operativo provocar una denegaci\u00f3n de servicio (acceso fuera de los l\u00edmites y detenci\u00f3n de las instancias de la cuenta de invitado) usando qemu_map_ram_ptr para acceder al \u00e1rea del bloque de memoria ram del invitado." } ], "id": "CVE-2017-11334", "lastModified": "2024-11-21T03:07:35.017", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-02T19:29:00.710", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3925" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/07/17/4" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99895" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3369" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3466" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3470" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3471" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3472" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3473" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3474" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3575-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2017/dsa-3925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/07/17/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3470" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:3474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3575-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-11-04 21:59
Modified
2024-11-21 02:59
Severity ?
Summary
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation." }, { "lang": "es", "value": "Fuga de memoria en la funci\u00f3n v9fs_read en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de vectores relacionados con una operaci\u00f3n de lectura I/O." } ], "id": "CVE-2016-8577", "lastModified": "2024-11-21T02:59:36.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-04T21:59:01.520", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/10/13" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/10/7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93473" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/10/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/10/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201611-11" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-27 21:29
Modified
2024-11-21 03:01
Severity ?
5.5 (Medium) - CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
citrix | xenserver | 6.0.2 | |
citrix | xenserver | 6.2.0 | |
citrix | xenserver | 6.5 | |
citrix | xenserver | 7.0 | |
citrix | xenserver | 7.1 | |
redhat | openstack | 5.0 | |
redhat | openstack | 6.0 | |
redhat | openstack | 7.0 | |
redhat | openstack | 8 | |
redhat | openstack | 9 | |
redhat | openstack | 10 | |
debian | debian_linux | 7.0 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.3 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.3 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "296F09E2-48CC-4B5F-BE4F-04760D389E39", "versionEndExcluding": "2.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "878949E0-D656-4E0E-858A-C6AD948A2A2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "DBCF6643-ACDE-4DDB-8B01-D952DDF8951E", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376", "vulnerable": true }, { "criteria": "cpe:2.3:a:citrix:xenserver:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5647AEA-DCE6-4950-A7EB-05465ECDDE16", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap buffer overflow flaw was found in QEMU\u0027s Cirrus CLGD 54xx VGA emulator\u0027s VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad de desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en el soporte del controlador de pantalla VNC del emulador Cirrus CLGD 54xx VGA de QEMU en versiones anteriores a la 2.9. El problema pod\u00eda ocurrir cuando un cliente VNC intentaba actualizar su pantalla despu\u00e9s de que un invitado realizara una operaci\u00f3n VGA. Un usuario/proceso privilegiado dentro de un guest podr\u00eda usar esta vulnerabilidad para provocar que el proceso de QEMU se cierre inesperadamente o, potencialmente, ejecutar c\u00f3digo arbitrario en el host con privilegios del proceso de QEMU." } ], "id": "CVE-2016-9603", "lastModified": "2024-11-21T03:01:29.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-27T21:29:00.290", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96893" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038023" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0980" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0981" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0982" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0983" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0984" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0985" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0987" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0988" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1205" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1206" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1441" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html" }, { "source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201706-03" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.citrix.com/article/CTX221578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:0988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:1441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201706-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.citrix.com/article/CTX221578" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-24 18:29
Modified
2024-11-21 00:54
Severity ?
Summary
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en monitor.c en Qemu 0.9.1 podr\u00eda facilitar a atacantes remotos adivinar la contrase\u00f1a VNC, que est\u00e1 limitada a siete caracteres cuando se habr\u00edan previsto ocho." } ], "id": "CVE-2008-5714", "lastModified": "2024-11-21T00:54:43.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-24T18:29:15.890", "references": [ { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33568" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34642" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35062" }, { "source": "cve@mitre.org", "url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966" }, { "source": "cve@mitre.org", "url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33020" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-776-1" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-776-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.", "lastModified": "2009-02-26T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-04 17:55
Modified
2024-11-21 01:55
Severity ?
Summary
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
opensuse | opensuse | 12.3 | |
opensuse | opensuse | 13.1 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | virtualization | 3.0 | |
redhat | enterprise_linux | 6.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 | |
canonical | ubuntu_linux | 13.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "12706271-F21F-4DB9-9084-9CFD925DA763", "versionEndIncluding": "1.6.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command." }, { "lang": "es", "value": "Desbordamiento de buffer en la implementaci\u00f3n SCSI de QEMU, tal como es usado en Xen, cuando un controlador SCSI tiene m\u00e1s de 256 dispositivos adjuntos, permite a usuarios locales obtener privilegios a trav\u00e9s de un buffer de peque\u00f1a transferencia en un comando REPORT LUNS." } ], "id": "CVE-2013-4344", "lastModified": "2024-11-21T01:55:23.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-04T17:55:09.913", "references": [ { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://osvdb.org/98028" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/02/2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/62773" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2092-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://article.gmane.org/gmane.comp.emulators.qemu/237191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/98028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1553.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1754.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/02/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/62773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2092-1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-23 20:15
Modified
2024-11-21 02:32
Severity ?
Summary
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 | |
fedoraproject | fedora | 23 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 | |
arista | eos | 4.12 | |
arista | eos | 4.13 | |
arista | eos | 4.14 | |
arista | eos | 4.15 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EDB883F-B428-47EF-AAB3-BD647220C91A", "versionEndExcluding": "2.4.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*", "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets." }, { "lang": "es", "value": "La funci\u00f3n ne2000_receive en el archivo hw/net/ne2000.c en QEMU versiones anteriores a 2.4.0.1, permite a atacantes causar una denegaci\u00f3n de servicio (bucle infinito y bloqueo de instancia) o posiblemente ejecutar c\u00f3digo arbitrario mediante vectores relacionados a la recepci\u00f3n de paquetes." } ], "id": "CVE-2015-5278", "lastModified": "2024-11-21T02:32:42.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-23T20:15:11.967", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2745-1" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2745-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-20 23:29
Modified
2024-11-21 04:01
Severity ?
Summary
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "34A3C97E-3E60-462F-B5D0-E5664277AC66", "versionEndIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference)." }, { "lang": "es", "value": "hw/rdma/vmw/pvrdma_main.c en QEMU no implementa una operaci\u00f3n de lectura (como uar_read por analog\u00eda con uar_write), lo que permite que los atacantes provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL)." } ], "id": "CVE-2018-20191", "lastModified": "2024-11-21T04:01:03.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-20T23:29:02.223", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/12/18/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106276" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3923-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/12/18/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3923-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-04 21:55
Modified
2024-11-21 02:01
Severity ?
Summary
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
suse | linux_enterprise_server | 11.0 | |
qemu | qemu | * | |
qemu | qemu | 0.1.0 | |
qemu | qemu | 0.1.1 | |
qemu | qemu | 0.1.2 | |
qemu | qemu | 0.1.3 | |
qemu | qemu | 0.1.4 | |
qemu | qemu | 0.1.5 | |
qemu | qemu | 0.1.6 | |
qemu | qemu | 0.2.0 | |
qemu | qemu | 0.3.0 | |
qemu | qemu | 0.4.0 | |
qemu | qemu | 0.4.1 | |
qemu | qemu | 0.4.2 | |
qemu | qemu | 0.4.3 | |
qemu | qemu | 0.5.0 | |
qemu | qemu | 0.5.1 | |
qemu | qemu | 0.5.2 | |
qemu | qemu | 0.5.3 | |
qemu | qemu | 0.5.4 | |
qemu | qemu | 0.5.5 | |
qemu | qemu | 0.6.0 | |
qemu | qemu | 0.6.1 | |
qemu | qemu | 0.7.0 | |
qemu | qemu | 0.7.1 | |
qemu | qemu | 0.7.2 | |
qemu | qemu | 0.8.0 | |
qemu | qemu | 0.8.1 | |
qemu | qemu | 0.8.2 | |
qemu | qemu | 0.9.0 | |
qemu | qemu | 0.9.1 | |
qemu | qemu | 0.9.1-5 | |
qemu | qemu | 0.10.0 | |
qemu | qemu | 0.10.1 | |
qemu | qemu | 0.10.2 | |
qemu | qemu | 0.10.3 | |
qemu | qemu | 0.10.4 | |
qemu | qemu | 0.10.5 | |
qemu | qemu | 0.10.6 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0-rc0 | |
qemu | qemu | 0.11.0-rc1 | |
qemu | qemu | 0.11.0-rc2 | |
qemu | qemu | 0.11.1 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.1 | |
qemu | qemu | 0.12.2 | |
qemu | qemu | 0.12.3 | |
qemu | qemu | 0.12.4 | |
qemu | qemu | 0.12.5 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.1 | |
qemu | qemu | 0.15.0 | |
qemu | qemu | 0.15.0 | |
qemu | qemu | 0.15.1 | |
qemu | qemu | 0.15.2 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.4.1 | |
qemu | qemu | 1.4.2 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.1 | |
qemu | qemu | 1.5.2 | |
qemu | qemu | 1.5.3 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.1 | |
qemu | qemu | 1.6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "71A5DC34-0211-4CCC-BBF1-8A8EB759BACB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E", "versionEndIncluding": "1.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*", "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A2973F-4CDA-4B8D-8331-FD14394AB906", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75C73E2-9137-4EAB-8D76-B0B22C391A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*", "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "340D614F-7B0B-4CB3-AEF3-26360FADF67C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71C7DAD-86D5-4E9B-9549-C9FBD48AE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "37E501EA-4C70-48F1-9822-5575AFAA8783", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "77FCC2AD-2FDA-484B-B4A6-D842404DEE59", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B48D2B63-5171-45E6-BF19-DFC63FA6683D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7750C948-7169-44F1-A834-AE52BFBDC701", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD07B7AA-7237-44A9-B8BB-ACEC48BAFBEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD38AD65-FF40-431B-BA2C-D55A7D0737A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "36233339-A9DF-4ACD-89A6-F79CB07E1568", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "F385658D-5D5C-49E6-8C67-FE4321CDCE1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "0A74A421-6012-4BEC-802D-7A05D20AF285", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EB41C21C-B250-40D1-ADC1-B03866794417", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "8162E07B-718E-41B3-B19C-A933CC1E2710", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A0229959-6909-482B-9446-68C9B3021510", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7048A380-A251-42D7-B081-CDB38B6A27F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EA71FFE-E41F-4128-A598-EDF446D9A045", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EE446FA1-FBB8-4B76-904C-F4664703BFBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "80621FFA-6189-47CD-9A6A-1D5A781862AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E5773C0-7714-496A-B038-9C02B99D8F74", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B77D3B9C-CE03-4F1C-BA0C-EBC406AF7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image." }, { "lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n qcow_open en block/qcow.c en QEMU anterior a 1.7.2 permite a atacantes remotos causara una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una tabla L2 grande en un imagen QCOW versi\u00f3n 1." } ], "id": "CVE-2014-0222", "lastModified": "2024-11-21T02:01:40.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-04T21:55:25.187", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3044" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/67357" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134053.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-04 14:15
Modified
2024-11-21 08:34
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-4135 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://security.netapp.com/advisory/ntap-20230915-0012/ | Third Party Advisory | |
secalert@redhat.com | https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-4135 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230915-0012/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 | Broken Link, Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "423C1B29-97E6-4574-84B0-1F68F1A65DAF", "versionEndExcluding": "8.1.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "2F730D08-43CC-4FFC-9C37-42C1D69518E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D61909EC-7FFA-4600-86F9-E9AA303D2A63", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:8.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8414D556-72A7-4082-AB77-5ADE46A31179", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed." }, { "lang": "es", "value": "Se encontr\u00f3 una falla de lectura de memoria fuera de los l\u00edmites en el dispositivo nvme virtual en QEMU. El proceso QEMU no valida un desplazamiento proporcionado por el invitado antes de calcular un puntero de la memoria del host, que se utiliza para copiar datos al invitado. Se puede revelar memoria arbitraria en relaci\u00f3n con un b\u00fafer asignado." } ], "id": "CVE-2023-4135", "lastModified": "2024-11-21T08:34:27.810", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-04T14:15:12.173", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4135" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230915-0012/" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-4135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20230915-0012/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-09 21:29
Modified
2024-11-21 03:14
Severity ?
Summary
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "D424025B-4108-494F-9F84-492EF5B4B5E5", "versionEndIncluding": "2.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host." }, { "lang": "es", "value": "Se ha descubierto que la implementaci\u00f3n del servidor VNC en Quick Emulator (QEMU) 2.11.0 y anteriores es vulnerable a un problema de asignaci\u00f3n de memoria sin enlazar, ya que no limit\u00f3 las actualizaciones de framebuffer enviadas a su cliente. Si el cliente no consume estas actualizaciones, el servidor de VNC asigna memoria que va creciendo para albergar estos datos. Un cliente VCN malicioso remoto podr\u00eda emplear este fallo para provocar DoS en el host del servidor." } ], "id": "CVE-2017-15124", "lastModified": "2024-11-21T03:14:07.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-09T21:29:00.343", "references": [ { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/102295" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:0816" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1104" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:1113" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2018:3062" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/3575-1/" }, { "source": "secalert@redhat.com", "url": "https://www.debian.org/security/2018/dsa-4213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:1104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:1113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:3062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3575-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4213" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "secalert@redhat.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-15 15:59
Modified
2024-11-21 02:43
Severity ?
Summary
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "A965C2D1-C447-4324-95A4-27285ECF8909", "versionEndIncluding": "2.8.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations." }, { "lang": "es", "value": "P\u00e9rdida de memoria en hw/watchdog/wdt_i6300esb.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a usuarios locales privilegiados locales del SO invitado provocar una denegaci\u00f3n de servicio (consumo de memoria del host y ca\u00edda del proceso QEMU) a trav\u00e9s de un gran n\u00famero de operaciones de desenchufado del dispositivo." } ], "id": "CVE-2016-10155", "lastModified": "2024-11-21T02:43:25.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-15T15:59:00.170", "references": [ { "source": "cve@mitre.org", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/20/14" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/21/4" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95770" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2392" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2408" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-28" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/20/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/21/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2017:2408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201702-28" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-11-02 22:29
Modified
2024-11-21 03:53
Severity ?
Summary
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
qemu | qemu | 3.1.0 | |
qemu | qemu | 3.1.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "16AFB9CD-95CF-4552-A8C1-1B4F496925B6", "versionEndIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:3.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C726BD36-EA1B-4260-ABCD-29587B584058", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "58E67452-3056-42CF-A6A0-EFB854366642", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process." }, { "lang": "es", "value": "Se ha encontrado un problema de acceso fuera de l\u00edmites al b\u00fafer de memoria din\u00e1mica (heap) r/w en la emulaci\u00f3n NVM Express Controller en QEMU. Podr\u00eda ocurrir en las rutinas nvme_cmb_ops en el dispositivo nvme. Un proceso/usuario invitado podr\u00eda emplear este error para provocar el cierre inesperado del proceso QEMU, lo que resulta en una denegaci\u00f3n de servicio (DoS) o en la potencial ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios del proceso QEMU." } ], "id": "CVE-2018-16847", "lastModified": "2024-11-21T03:53:26.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 5.3, "source": "secalert@redhat.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-11-02T22:29:00.347", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105866" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3826-1/" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2018/11/02/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3826-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2018/11/02/1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-31 15:15
Modified
2024-11-21 05:00
Severity ?
Summary
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1808510 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4467-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2020/dsa-4760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1808510 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4467-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4760 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F3096A-D0CB-496D-A4B0-F5D495F93EF6", "versionEndIncluding": "5.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service." }, { "lang": "es", "value": "En QEMU versiones hasta 5.0.0, se encontr\u00f3 un desbordamiento de enteros en la implementaci\u00f3n del controlador de pantalla SM501. Este fallo ocurre en la macro COPY_AREA al manejar operaciones de escritura MMIO por medio de la devoluci\u00f3n de llamada de sm501_2d_engine_write(). Un atacante local podr\u00eda abusar de este fallo para bloquear el proceso QEMU en la funci\u00f3n sm501_2d_operation() en el archivo hw/display/sm501.c en el host, resultando en una denegaci\u00f3n de servicio" } ], "id": "CVE-2020-12829", "lastModified": "2024-11-21T05:00:21.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-08-31T15:15:10.463", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4467-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808510" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4467-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4760" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:57
Severity ?
Summary
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F83E2010-6463-407A-928D-DB71A705A04C", "versionEndIncluding": "2.7.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings." }, { "lang": "es", "value": "hw/scsi/vmw_pvscsi.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite a administradores locales del SO invitado provocar una denegaci\u00f3n de servicio (acceso fuera de l\u00edmites o bucle infinito y ca\u00edda del proceso QEMU) a trav\u00e9s de un conteo de p\u00e1ginas manipuladas para anillos de descriptor." } ], "id": "CVE-2016-7155", "lastModified": "2024-11-21T02:57:36.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-12-10T00:59:12.263", "references": [ { "source": "cve@mitre.org", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92772" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7f61f4690dd153be98900a2a508b88989e692753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/06/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-20 21:29
Modified
2024-11-21 04:00
Severity ?
Summary
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2018/12/19/3 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/106298 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3923-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2018/12/19/3 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106298 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3923-1/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "34A3C97E-3E60-462F-B5D0-E5664277AC66", "versionEndIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings." }, { "lang": "es", "value": "hw/rdma/vmw/pvrdma_cmd.c en QEMU permite que los atacantes provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL o asignaci\u00f3n de memoria excesiva) en create_cq_ring o create_qp_rings." } ], "id": "CVE-2018-20125", "lastModified": "2024-11-21T04:00:54.397", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-20T21:29:00.917", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/12/19/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106298" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3923-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2018/12/19/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3923-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-13 17:59
Modified
2024-11-21 02:38
Severity ?
Summary
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E0091D0-CCD9-4017-A266-32576814AE63", "versionEndIncluding": "2.5.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash)." }, { "lang": "es", "value": "El Human Monitor Interface support in QEMU permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de escritura y aplicaci\u00f3n fuera de l\u00edmites)." } ], "id": "CVE-2015-8619", "lastModified": "2024-11-21T02:38:49.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-13T17:59:00.513", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/23/1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/79668" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201604-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/12/23/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/79668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201604-01" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-21 18:55
Modified
2024-11-21 01:50
Severity ?
Summary
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files." }, { "lang": "es", "value": "El agente qemu en en Qemu 1.4.1 y anteriores, usado por Xen, cuando se inicia en modo demonio, utiliza permisos d\u00e9biles para determinados archivos, lo que permite a usuarios locales leer y escribir sobre estos archivos." } ], "id": "CVE-2013-2007", "lastModified": "2024-11-21T01:50:51.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-05-21T18:55:02.623", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/93032" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53325" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/06/5" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/59675" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028521" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/93032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/05/06/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/59675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-11-04 21:55
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
qemu | qemu | * | |
qemu | qemu | 0.1.0 | |
qemu | qemu | 0.1.1 | |
qemu | qemu | 0.1.2 | |
qemu | qemu | 0.1.3 | |
qemu | qemu | 0.1.4 | |
qemu | qemu | 0.1.5 | |
qemu | qemu | 0.1.6 | |
qemu | qemu | 0.2.0 | |
qemu | qemu | 0.3.0 | |
qemu | qemu | 0.4.0 | |
qemu | qemu | 0.4.1 | |
qemu | qemu | 0.4.2 | |
qemu | qemu | 0.4.3 | |
qemu | qemu | 0.5.0 | |
qemu | qemu | 0.5.1 | |
qemu | qemu | 0.5.2 | |
qemu | qemu | 0.5.3 | |
qemu | qemu | 0.5.4 | |
qemu | qemu | 0.5.5 | |
qemu | qemu | 0.6.0 | |
qemu | qemu | 0.6.1 | |
qemu | qemu | 0.7.0 | |
qemu | qemu | 0.7.1 | |
qemu | qemu | 0.7.2 | |
qemu | qemu | 0.8.0 | |
qemu | qemu | 0.8.1 | |
qemu | qemu | 0.8.2 | |
qemu | qemu | 0.9.0 | |
qemu | qemu | 0.9.1 | |
qemu | qemu | 0.9.1-5 | |
qemu | qemu | 0.10.0 | |
qemu | qemu | 0.10.1 | |
qemu | qemu | 0.10.2 | |
qemu | qemu | 0.10.3 | |
qemu | qemu | 0.10.4 | |
qemu | qemu | 0.10.5 | |
qemu | qemu | 0.10.6 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0 | |
qemu | qemu | 0.11.0-rc0 | |
qemu | qemu | 0.11.0-rc1 | |
qemu | qemu | 0.11.0-rc2 | |
qemu | qemu | 0.11.1 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.0 | |
qemu | qemu | 0.12.1 | |
qemu | qemu | 0.12.2 | |
qemu | qemu | 0.12.3 | |
qemu | qemu | 0.12.4 | |
qemu | qemu | 0.12.5 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.13.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.0 | |
qemu | qemu | 0.14.1 | |
qemu | qemu | 0.15.0 | |
qemu | qemu | 0.15.0 | |
qemu | qemu | 0.15.1 | |
qemu | qemu | 0.15.2 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0 | |
qemu | qemu | 1.0.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.1 | |
qemu | qemu | 1.4.1 | |
qemu | qemu | 1.4.2 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.0 | |
qemu | qemu | 1.5.1 | |
qemu | qemu | 1.5.2 | |
qemu | qemu | 1.5.3 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.0 | |
qemu | qemu | 1.6.1 | |
qemu | qemu | 1.6.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "535B1295-C195-4EFD-8509-C6DE3FAF3F3E", "versionEndIncluding": "1.7.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6C6B20B-2E5D-4D25-885A-227A4BE5EEBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2FF7251-031D-4A9B-9AF0-1FFE556456D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D942D17-1AA9-4D5A-8F5E-0F4F762522D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A2519BF-5F68-4096-8DE2-2C7BCF7200D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6B00BD71-2AE5-47BA-999A-7E89590B86C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA6701A9-78CC-49D0-A40A-CB1C774400AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "40B5A7F2-B5B2-46CF-BBD0-AB986A8E55EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBEBD56F-EFBC-4620-A77C-E215A7AFDAFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C45EA44-ECD1-40A7-89CE-D770BDC9DB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "83088B0F-A6F8-4F47-99C0-09FEA234272F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "17E948D4-6C1A-43D2-B128-1A728FD61703", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "6470915C-CA3C-42CA-B69B-0FC40A33D02D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "759505BA-6F19-4BAE-8297-D8F30EEC8D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A98CC34-2DB7-46CD-AA60-A7C08DDF22B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E424B63B-DCD8-4209-A4CB-84C1EDF5B255", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9576AA2-2FDD-4063-8D84-DE8DB063AC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "544368B2-37BE-41DD-8DC2-F04B6A394696", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "14A6B570-09CE-4AFF-AC8C-51F37FC79811", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC5670FB-B9EA-4B9C-BB7B-575494F12CA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F1D35E0-2033-4ADE-9ADA-3B45996B53B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "6205775B-4A83-498F-A60E-54473F5D5704", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.9.1-5:*:*:*:*:*:*:*", "matchCriteriaId": "F8BCDB83-93ED-43CC-9D12-FAB227BE48CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A2973F-4CDA-4B8D-8331-FD14394AB906", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F75C73E2-9137-4EAB-8D76-B0B22C391A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc0:*:*:*:*:*:*:*", "matchCriteriaId": "4BE2585F-9F3C-445C-B0A4-CC214B23F2B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "9F061815-F34A-431A-9BF3-020348CB5C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.0-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "DE5017A8-9600-422D-A612-CBEF1C3A1E1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "340D614F-7B0B-4CB3-AEF3-26360FADF67C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71C7DAD-86D5-4E9B-9549-C9FBD48AE22C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "37E501EA-4C70-48F1-9822-5575AFAA8783", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "77FCC2AD-2FDA-484B-B4A6-D842404DEE59", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B48D2B63-5171-45E6-BF19-DFC63FA6683D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "7750C948-7169-44F1-A834-AE52BFBDC701", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD07B7AA-7237-44A9-B8BB-ACEC48BAFBEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD38AD65-FF40-431B-BA2C-D55A7D0737A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "36233339-A9DF-4ACD-89A6-F79CB07E1568", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "F385658D-5D5C-49E6-8C67-FE4321CDCE1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "0A74A421-6012-4BEC-802D-7A05D20AF285", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EB41C21C-B250-40D1-ADC1-B03866794417", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "77768E6F-408A-48A7-9F67-B8E1760DBA11", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "8162E07B-718E-41B3-B19C-A933CC1E2710", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A0229959-6909-482B-9446-68C9B3021510", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "7048A380-A251-42D7-B081-CDB38B6A27F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EA71FFE-E41F-4128-A598-EDF446D9A045", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EE446FA1-FBB8-4B76-904C-F4664703BFBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "80621FFA-6189-47CD-9A6A-1D5A781862AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "9E5773C0-7714-496A-B038-9C02B99D8F74", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:0.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B77D3B9C-CE03-4F1C-BA0C-EBC406AF7A62", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66599D-9EC4-409C-BD26-62EC3B001984", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1CF80F8D-5402-4AA6-ABB1-EEBD8EA0BBDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "92FE0592-3611-4F93-A0B2-73ADFBF87FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "795EDF48-6FE0-4DE7-A57F-632BF0043677", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "17B83487-28EC-4EF0-9703-BD86384C1276", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "15A780B6-2BF3-480C-A519-16D1BFF2FC5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E8771F32-FFD2-43BD-B660-2CA8F6C41C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "01E89E31-F32D-4035-8923-7A5728E75DDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "436BABC6-3D1C-4945-AADF-ED4D7C686E35", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "C3307CBF-525D-4F66-A7A6-B0B273C0BD7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0A03725-CE1B-451F-8E14-9168E417692C", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA86C99D-E544-471F-8F8E-94525E600132", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "998961D0-6B1E-4237-AFC3-2E1E4D90BDE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "35B1E3F1-4647-47FF-9546-0742F10B607B", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0147F4B2-0591-4681-AE24-975AB6A349D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "97757FF0-D0D6-4BFE-811A-6398D8520D28", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "46F126B1-284B-4B3A-8540-1498628C46F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7E8D5F0C-85F5-46D1-B77C-4A7CCE2D69B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "508383F4-B6EE-4C64-AE63-209EA87DF557", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de buffer en la funci\u00f3n tsc210x_load en hw/input/tsc210x.c en QEMU anterior a 1.7.2 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor (1) precision, (2) nextprecision, (3) function, o (4) nextfunction manipulado en un imagen savevm." } ], "id": "CVE-2013-4539", "lastModified": "2024-11-21T01:55:47.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-11-04T21:55:24.860", "references": [ { "source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5193be3be35f29a35bc465036cd64ad60d43385f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-12-10 00:59
Modified
2024-11-21 02:56
Severity ?
Summary
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.