Astra Linux - уязвимость в qemu

A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...

OESA-2026-2090 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of...

Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse

...

📄 QEMU VMDK Out-Of-Bounds Read

A flaw was found in QEMU's VMDK block driver implementation. When processing compressed grain markers within a monolithicSparse VMDK image, insufficient bounds validation may allow the decompression routine to read beyond the allocated buffer. A specially crafted VMDK image could trigger an...

UBUNTU-CVE-2026-2243

A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition DoS...

CVE-2026-2243

A CVE for QEMU (CVE-2026-2243) describes an out-of-bounds read triggered by a specially crafted VMDK image. The vulnerability could leak 12 bytes of sensitive information or cause a denial of service. The provided documents specify the affected software and the root cause (out-of-bounds read in V...

CVE-2025-40604

The CVE-2025-40604 affects SonicWall Email Security appliances. It describes a vulnerability where the device downloads root filesystem images without verifying signatures, enabling attackers with VMDK or datastore access to modify system files and achieve persistent arbitrary code execution. Pub...

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441.

Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Input...

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784

Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784. Vulnerability Details CVEID:CVE-2018-8032 DESCRIPTION: Apache Axis 1.x up ...

EUVD-2024-29054

Malicious code in bioql PyPI...

EUVD-2022-33517

Malicious code in bioql PyPI...

EUVD-2022-29432

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-47951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before...

CVE-2025-47971

Buffer over-read in Virtual Hard Disk VHDX allows an unauthorized attacker to elevate privileges locally...

CVE-2023-27246

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...

CBL Mariner 2.0 Security Update: qemu (CVE-2023-5088)

The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5088 advisory. - A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted ...

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

UBUNTU-CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

CVE-2024-31144

CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...