Astra Linux - уязвимость в qemu

A flaw was discovered in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can result in the callback being fired later, thereby causing a use-after-free when using the channel. This vulnerability can be exploited by a malicious...

MiracleLinux 4 : qemu-kvm-0.12.1.2-2.479.AXS4.2 (AXSA:2015-518:06)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-518:06 advisory. KVM for Kernel-based Virtual Machine is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running...

RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2023:2757)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2757 advisory. ntfs-3g: heap-based buffer overflow in ntfsck CVE-2021-46790 QEMU: VNC: integer underflow in vncclientcuttextext leads to CPU exhaustion CVE-2022-3165...

UBUNTU-CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtiocryptohandlesymreq. There is no check for the value of srclen and dstlen in virtiocryptosymophelper, potentially leading to a heap buffer overflow when the two values differ...

PT-2023-4596 · Qemu +9 · Qemu +9

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans ...

SUSE CVE-2021-3546

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIOGPUCMDGETCAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on t...

DEBIAN-CVE-2019-6778

In QEMU 3.0.0, tcpemu in slirp/tcpsubr.c has a heap-based buffer overflow...

Virglrenderer Denial of Service Vulnerability (CNVD-2017-02434)

Virglrenderer is a library for maintaining API stability in Virgil 3d projects. A denial of service vulnerability exists in Virglrenderer. An attacker exploits this vulnerability to crash a QEMU instance, resulting in a denial of service...

UBUNTU-CVE-2016-7156

The pvscsiconvertsglist function in hw/scsi/vmwpvscsi.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging an incorrect cast...

UBUNTU-CVE-2015-8744

QEMU aka Quick Emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged CAPSYSRAWIO guest user could use this flaw to crash the QEMU process instance resulting in DoS...

DSA-2543-1 xen-qemu-dm-4.0 - multiple

Bulletin has no description...