
154 matches found

CVE
added 2020/06/25 2:54 p.m. | 109 views

CVE-2020-3965

CVE-2020-3965 affects VMware ESXi, Workstation, and Fusion, describing an information-leak in the XHCI USB controller that could let a local VM attacker read privileged information from hypervisor memory. Affected: ESXi 7.0 (pre-1.20.16321839), 6.7 (pre-670-202006401-SG), 6.5 (pre-650-202005401-S...

CVSS 5.5 | AI score 6 | EPSS 0.00056
Exploits: 2 | References: 3 | Affected Software: 4
Cvelist
added 2020/06/25 2:54 p.m. | 16 views

CVE-2020-3965

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may b...

AI score 5.8 | EPSS 0.00056
Exploits: 2 | References: 3
CVE
added 2020/06/25 2:51 p.m. | 114 views

CVE-2020-3964

CVE-2020-3964 is an information-leak vulnerability in the EHCI USB controller affecting VMware products. A local attacker with access to a guest VM can read privileged information from the hypervisor memory, under conditions described by VMware and Red Hat/CNVD disclosures. Affected are: ESXi 7.0...

CVSS 4.7 | AI score 5.5 | EPSS 0.00114
Exploits: 2 | References: 3 | Affected Software: 4
Cvelist
added 2020/06/25 2:51 p.m. | 14 views

CVE-2020-3964

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.2, and Fusion 11.x before 11.5.2 contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may b...

AI score 5.3 | EPSS 0.00114
Exploits: 2 | References: 3
RedHat Linux
added 2020/04/30 5:28 p.m. | 130 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 4.7 | AI score 6.4 | EPSS 0.00029
Exploits: 0 | References: 2
BDU FSTEC
added 2019/07/11 12:00 a.m. | 2 views

The vulnerability of VMware ESXi, VMware Fusion, and VMware Workstation arises from operations that occur outside the buffer boundaries of memory, allowing an attacker to execute arbitrary code.

The vulnerability of VMware ESXi, VMware Fusion, and VMware Workstation hypervisors is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a virtual USB controller...

CVSS 7.2 | AI score 6.4 | EPSS 0.0009
Exploits: 0 | References: 3 | Affected Software: 2
NVD
added 2019/04/01 9:30 p.m. | 14 views

CVE-2019-5519

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI Universal Ho...

CVSS 7.2 | AI score 6.7 | EPSS 0.00064
Exploits: 0 | References: 5
Prion
added 2019/04/01 9:30 p.m. | 20 views

Code injection

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI Universal Ho...

CVSS 7.2 | AI score 7.2 | EPSS 0.00064
Exploits: 0 | References: 5 | Affected Software: 3
Cvelist
added 2019/04/01 8:39 p.m. | 22 views

CVE-2019-5518

VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI Universal Host...

AI score 7.7 | EPSS 0.0009
Exploits: 0 | References: 4
RedHat Linux
added 2017/08/01 9:17 p.m. | 1 views

Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx

The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence...

CVSS 5.5 | AI score 7.3 | EPSS 0.00095
Exploits: 0 | References: 4
CNVD
added 2017/03/16 12:00 a.m. | 1 views

QEMU 'hw/usb/hcd-ohci.c' Denial of Service Vulnerability

QEMU (aka Quick Emulator) is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU 'hw/usb/hcd-ohci.c'. An attacker exploits this vulnerability to cause a QEMU instance to cras...

CVSS 6.5 | AI score 8.6 | EPSS 0.00057
Exploits: 0 | References: 1
OSV
added 2016/12/29 10:59 p.m. | 1 views

DEBIAN-CVE-2016-2198

QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside guest could use this flaw to crash the QEMU process instance resulting ...

CVSS 5.5 | AI score 8.7 | EPSS 0.00104
Exploits: 0 | References: 1
ThreatPost
added 2014/11/17 2:16 p.m. | 9 views

Half of Leading USB Controller Chips Vulnerable to BadUSB

BadUSB hasn’t gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs. Researcher Karsten Nohl, who warned the world during Black Hat last summer that the controller chips in most USB devices could be reprogrammed t...

AI score 7.5
Exploits: 0 | References: 5
OSV
added 2014/08/26 12:00 a.m. | 0 views

UBUNTU-CVE-2014-5263

vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors...

CVSS 6.8 | AI score 6.7 | EPSS 0.00413
Exploits: 0 | References: 4