EUVD-2022-43209

Malicious code in bioql PyPI...

EUVD-2024-32034

Malicious code in bioql PyPI...

USN-7744-1 qemu vulnerabilities

It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-3446 It was...

Azure Linux 3.0 Security Update: qemu (CVE-2024-3447)

The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3447 advisory. - A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both...

AZL-60196 CVE-2024-3447 affecting package qemu for versions less than 6.2.0-24

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...

EulerOS Virtualization 2.9.1 : qemu-kvm (EulerOS-SA-2023-1651)

According to the versions of the qemu-kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Regist...

AZL-11441 CVE-2022-3872 affecting package qemu for versions less than 6.2.0-12

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhcireaddataport and sdhciwritedataport, respectively, if datacount == blocksize. A malicious guest could use this flaw to crash the QEMU process on the host,...

CVE-2022-3872

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhcireaddataport and sdhciwritedataport, respectively, if datacount == blocksize. A malicious guest could use this flaw to crash the QEMU process on the host,...

CVE-2022-3872

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhcireaddataport and sdhciwritedataport, respectively, if datacount == blocksize. A malicious guest could use this flaw to crash the QEMU process on the host,...

CVE-2022-3872

An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhcireaddataport and sdhciwritedataport, respectively, if datacount == blocksize. A malicious guest could use this flaw to crash the QEMU process on the host,...

PT-2022-6798 · Qemu +4 · Qemu +4

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: The issue is related to an off-by-one read/write problem in the SDHCI device of QEMU. It occurs when reading or writing the Buffer Data Port Register in sdhci read dataport and sdhci write...

EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1763)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...

QEMU heap buffer overflow vulnerability (CNVD-2021-09804)

QEMU is a set of simulation processors written by Fabrice Bellard and distributed with source code under the GPL license, widely used on the GNU/Linux platform. QEMU 5.0.0 and earlier versions of SDHCI device emulation support suffer from a heap buffer overflow vulnerability when performing a...

CVE-2020-17380

A flaw was found in QEMU. A heap-based buffer overflow vulnerability was found in the SDHCI device emulation support allowing a guest user or process to crash the QEMU process on the host resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)

This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-2620: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation bsc1024972 -...

USN-3268-1: QEMU vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-10028 It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker...

SUSE SLES12 Security Update : qemu (SUSE-SU-2017:0661-1)

This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-2620: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation bsc1024972 -...

SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)

This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS bsc1023907. - CVE-2017-5857: The Virtio...