15 matches found
NewStart CGSL MAIN 7.02 : qemu Multiple Vulnerabilities (NS-SA-2025-0248)
The remote NewStart CGSL host, running version MAIN 7.02, has qemu packages installed that are affected by multiple vulnerabilities: - A flaw was found in QEMU. An assertion failure was present in the updatesctpchecksum function in hw/net/nettxpkt.c when trying to calculate the checksum of a...
EUVD-2020-9333
Malware in sbrugna...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : QEMU vulnerabilities (USN-7744-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7744-1 advisory. It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEM...
USN-7744-1: QEMU vulnerabilities
It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...
AZL-60901 CVE-2024-3447 affecting package qemu for versions less than 8.2.0-16
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...
DEBIAN-CVE-2024-3447
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...
UBUNTU-CVE-2024-3447
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...
OESA-2024-1505 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...
SUSE CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhcisdmatransfermultiblocks routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the...
SUSE CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resultin...
USN-5010-1 qemu vulnerabilities
Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2020-15469 Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI commands. An attacker...
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
...
DEBIAN-CVE-2020-17380
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhcisdmatransfermultiblocks routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the...
USN-4650-1 qemu vulnerabilities
Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvir...
PT-2020-5947
Name of the Vulnerable Software and Affected Versions: QEMU versions through 5.0.0 Description: A heap-based buffer overflow was found in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci sdma transfer multi blocks routine in hw/sd/sdhci.c. A...