Astra Linux - уязвимость в qemu

A issue was discovered in QEMU through version 5.1.0. An out-of-bounds memory access was identified in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c, during handling of MMIO write operations via the atimmwrite callback. A malicious guest could...

EUVD-2007-2447

Malware in sbrugna...

Ubuntu 20.04 LTS / 22.04 LTS : QEMU regression (USN-6567-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6567-2 advisory. USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too restrictive and introduced a behaviour change leading to a regression in...

Ubuntu: Security Advisory (USN-6567-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6567-1: QEMU vulnerabilities

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2020-14394 It w...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2023-1182)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...

CVE-2021-3638

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati2dblt routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QE...

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service.

...

CVE-2020-24352

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c while handling MMIO write operations through the atimmwrite callback. A malicious guest could use this flaw ...

DEBIAN-CVE-2020-24352

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c while handling MMIO write operations through the atimmwrite callback. A malicious guest could use this flaw ...

UBUNTU-CVE-2020-24352

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati2dblt routine in hw/display/ati2d.c while handling MMIO write operations through the atimmwrite callback. A malicious guest could use this flaw ...

CVE-2020-17401

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3575-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3575-1 advisory. It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash...

USN-3575-1 qemu vulnerabilities

It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-11334 David Buchanan discovered that QEMU...

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3289-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3289-1 advisory. Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to...

USN-3289-1: QEMU vulnerabilities

Li Qiang discovered that QEMU incorrectly handled VirtFS directory sharing. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2017-7377, CVE-2017-8086 Jiangxin discovered that QEMU incorrectly handled the Cirrus VGA device. A...

FreeBSD : FreeBSD -- bhyve - privilege escalation vulnerability (a479a725-9adb-11e6-a298-14dae9d210b8)

An unchecked array reference in the VGA device emulation code could potentially allow guests access to the heap of the bhyve process. Since the bhyve process is running as root, this may allow guests to obtain full control of the hosts they are running on. Impact : For bhyve virtual machines with...

Default credentials

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...

xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends

The Xen Project reports: When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these...