MiracleLinux 7 : qemu-kvm-1.5.3-141.el7.4 (AXSA:2017-2446:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2446:08 advisory. Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue...

EUVD-2014-7953

Malware in sbrugna...

EUVD-2007-1317

Malware in sbrugna...

EUVD-2017-11776

Malware in sbrugna...

EUVD-2017-9170

Malware in sbrugna...

EUVD-2008-4520

Malware in sbrugna...

EUVD-2016-10708

Malware in sbrugna...

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.

...

Linux Distros Unpatched Vulnerability : CVE-2017-2620

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Quick emulator QEMU before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while...

RHEL 7 : qemu-kvm-rhev (RHSA-2018:1646)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1646 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...

K63519101: Multiple QEMU vulnerabilities

Security Advisory Description CVE-2014-8106 Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for...

SUSE CVE-2014-8106

Heap-based buffer overflow in the Cirrus VGA emulator hw/display/cirrusvga.c in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320...

SUSE CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

SUSE CVE-2016-9921

Quick emulator Qemu built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host,...

SUSE CVE-2016-9922

The cirrusdocopy function in hw/display/cirrusvga.c in QEMU aka Quick Emulator, when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service divide-by-zero error and QEMU process crash via vectors involving blit pitch values...

SUSE CVE-2017-2615

Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...

SUSE CVE-2017-2620

Quick emulator QEMU before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrusbitbltcputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

SUSE CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator Qemu 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service crash via vectors related to a VNC client updating its display after a VGA operation...

SUSE CVE-2017-15289

The mode4and5 write functions in hw/display/cirrusvga.c in Qemu allow local OS guest privileged users to cause a denial of service out-of-bounds write access and Qemu process crash via vectors related to dst calculation...

SUSE CVE-2017-18030

The cirrusinvalidateregion function in hw/display/cirrusvga.c in Qemu allows local OS guest privileged users to cause a denial of service out-of-bounds array access and QEMU process crash via vectors related to negative pitch...