5 matches found
Important: qemu
Issue Overview: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QE...
QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt function does not check the size of the structure pointed to by the guest's physical address, potentially reading past the end of the bar space into adjacent pages. This could allow a malicious gues...
UBUNTU-CVE-2022-4144
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...
UBUNTU-CVE-2021-4206
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on th...
PT-2022-3841
Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified)
Description: The issue is related to an integer overflow in the cursor_alloc function of the QEMU hardware emulator, specifically in the QXL display device emulation. This can lead to the allocation of a sma...