CVSS3: 8.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.001 Low (Percentile: 32.9%)

An infinite-loop issue was found in the QEMU emulator built with USB
EHCI emulation support. The flaw occurred during communication between
the host controller interface (EHCI) and the respective device driver.
The two communicate using an isochronous transfer descriptor (iTD)
list; an infinite loop occurred if the list contained a closed loop.
A privileged user inside a guest could use this flaw to consume
excessive resources and cause denial of service.
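
The closed-loop condition described above, as an added example (not QEMU's code or its actual fix): a simplified device-model walker over a guest-controlled descriptor list that caps the number of hops and validates every link before following it. The `itd_t` layout, `walk_itd_list` and the `MAX_HOPS` budget are hypothetical, and the sample lists are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define LINK_TERMINATE 0x1u   /* T-bit: end of list (simplified EHCI-style link) */
#define MAX_HOPS       16     /* hypothetical per-frame budget, not QEMU's value */

/* Simplified descriptor: only the link field matters for this example. */
typedef struct {
    uint32_t next;            /* (index << 1) | T-bit, fully guest-controlled */
} itd_t;

enum walk_result { WALK_OK = 0, WALK_LOOP = -1, WALK_BAD_LINK = -2 };

/* Walk the list from index `head`; *visited receives the descriptor count. */
static int walk_itd_list(const itd_t *mem, size_t n, uint32_t head, size_t *visited)
{
    uint32_t link = head << 1;
    *visited = 0;

    while (!(link & LINK_TERMINATE)) {
        size_t idx = link >> 1;
        if (idx >= n)
            return WALK_BAD_LINK;   /* link points outside the guest table */
        if (*visited >= MAX_HOPS)
            return WALK_LOOP;       /* budget exhausted: treat as a closed loop */
        (*visited)++;
        link = mem[idx].next;       /* a real model would process the iTD here */
    }
    return WALK_OK;
}

/* Constructed sample lists (not captured from a real guest). */
static const itd_t good_list[]   = { { 1u << 1 }, { 2u << 1 }, { LINK_TERMINATE } };
static const itd_t closed_loop[] = { { 1u << 1 }, { 2u << 1 }, { 0u << 1 } };
static const itd_t wild_link[]   = { { 9u << 1 } };

int main(void)
{
    size_t v;
    int ok = walk_itd_list(good_list, 3, 0, &v) == WALK_OK;
    ok &= walk_itd_list(closed_loop, 3, 0, &v) == WALK_LOOP;
    ok &= walk_itd_list(wild_link, 1, 0, &v) == WALK_BAD_LINK;
    return ok ? 0 : 1;
}
```

Without the hop budget, the `closed_loop` input would keep the emulation thread spinning indefinitely, which is the resource-exhaustion condition the description refers to.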

An out-of-bounds read/write access flaw was found in the way QEMU’s VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations using I/O port methods. A privileged guest user could use
this flaw to execute arbitrary code on the host with the privileges of
the host’s QEMU process.

The Qemu emulator built with VGA emulator support is vulnerable to
integer overflow and OOB read access issues. These occur because Qemu
allows certain VGA registers to be set while in VBE mode. A privileged
guest user could use this flaw to crash the Qemu process instance,
resulting in DoS.

Quick Emulator (Qemu) built with the MegaRAID SAS 8708EM2 Host Bus
Adapter emulation support is vulnerable to an information leakage issue.
It could occur while processing the MegaRAID Firmware Interface (MFI)
command to read device configuration in ‘megasas_dcmd_cfg_read’. A
privileged user inside a guest could use this flaw to leak host memory
bytes.

Quick Emulator (Qemu) built with the MegaRAID SAS 8708EM2 Host Bus
Adapter emulation support is vulnerable to an out-of-bounds write access
issue. It could occur while processing the MegaRAID Firmware Interface
(MFI) command to set controller properties in
‘megasas_dcmd_set_properties’. A privileged user inside a guest could
use this flaw to crash the Qemu process on the host, resulting in DoS.

Quick Emulator (Qemu) built with the MegaRAID SAS 8708EM2 Host Bus
Adapter emulation support is vulnerable to an out-of-bounds read access
issue. It could occur while looking up MegaRAID Firmware Interface (MFI)
command frames in the ‘megasas_lookup_frame’ routine. A privileged user
inside a guest could use this flaw to read invalid memory, leading to a
crash of the Qemu process on the host.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
any | any | any | qemu-arch-extra | < 2.6.0-1 | UNKNOWN |