3 matches found
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
SUSE CVE-2017-2630
A stack buffer overflow flaw was found in the Quick Emulator QEMU before 2.9 built with the Network Block Device NBD client support. The flaw could occur while processing server's response to a 'NBDOPTLIST' request. A malicious NBD server could use this issue to crash a remote NBD client resultin...
CVE-2016-9637
The 1 ioportread and 2 ioportwrite functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access...