EUVD-2021-27025

Malware in sbrugna...

CBL Mariner 2.0 Security Update: qemu / qemu-kvm (CVE-2021-3750)

The version of qemu / qemu-kvm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3750 advisory. - A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify ...

ROS-20240606-01

A vulnerability in QEMU's USB EHCI controller emulation is related to the lack of checks if the buffer pointer overlaps with the MMIO register when transmitting USB packets. the buffer pointer overlaps with the MMIO region when transmitting USB packets. Exploitation of the vulnerability could all...

CentOS 9 : qemu-kvm-8.0.0-8.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the qemu-kvm-8.0.0-8.el9 build changelog. - A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with...

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:0404)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0404 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...

Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2023-6980)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6980 advisory. - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 - Fixes: CVE-2022-40284 - Fixes: CVE-2021-46790, CVE-2022-30783,...

RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2023:6980)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6980 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contai...

SUSE SLES15 Security Update : qemu (SUSE-SU-2023:3800-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3800-1 advisory. - Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigati...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-2082)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.0 : qemu (EulerOS-SA-2023-2134)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Bloc...

CVE-2022-31705

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller EHCI. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESX...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : QEMU vulnerabilities (USN-5772-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5772-1 advisory. It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this...

Oracle Linux 9 : qemu-kvm (ELSA-2022-7967)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7967 advisory. - Resolves: bz1951522 CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers rhel-9.0 Tenable has extracted the preceding...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-2213)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2022-2213)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the...

EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2022-2120)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-2120)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...