A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

...

CVE-2024-6519

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

SUSE CVE-2011-3346

Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service guest crash via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has...

The vulnerability of the host shell adapter am53c974 in the SCSI emulator hardware support of QEMU allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the am53c974 host shell adapter in the SCSI emulator and hardware support provided by QEMU relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

SUSE-SU-2021:0521-1 Security update for qemu

This update for qemu fixes the following issues: - Fixed potential privilege escalation in virtfs CVE-2021-20181 bsc1182137 - Fixed out-of-bound access in iscsi CVE-2020-11947 bsc1180523 - Fixed out-of-bound access in vmxnet3 emulation CVE-2021-20203 bsc1181639 - Fixed out-of-bound access in ARM...

Fedora 23 : xen (2016-103752d2a9)

Qemu: scsi: esp: OOB r/w access while processing ESPFIFO CVE-2016-5338 1343323 Qemu: scsi: megasas: information leakage in megasasctrlgetinfo CVE-2016-5337 1343909 ---- fix for CVE-2016-2858 doesn't build with qemu-xen enabled Unsanitised guest input in libxl device handling code XSA-175,...

UBUNTU-CVE-2016-4441

The getcmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller FSC support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash via unspecified vectors, involving an SCSI command...

PT-2014-2145 · Qemu +1 · Qemu +1

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 0.15.2 Description: A buffer overflow issue exists in the SCSI subsystem of QEMU, which could allow local guest users with permission to access the CD-ROM to cause a denial of service guest crash via a crafted SAI READ...