CVE-2020-5971

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalatio...

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 7 : qemu-kvm-rhev (RHSA-2020:2730)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2730 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provi...

Arbitrary Code Execution

qemu-kvm-rhev is vulnerable to arbitrary code execution. The vulnerability exists in slirp where an out of bounds OOB buffer access while emulating tcp protocols in tcpemu...

CVE-2020-13398

An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. This flaw allows a remote, unauthenticated, attacker running an RDP server, or a local attacker, using a specially crafted...

RUSTSEC-2020-0021 rio allows a use-after-free buffer access when a future is leaked

When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a...

rio allows a use-after-free buffer access when a future is leaked

When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a...

The vulnerability of the WritePDBImage function in the GraphicsMagick graphics editor, related to writing beyond buffer boundaries, allows an attacker to access confidential information or cause a service failure.

The vulnerability of the WritePDBImage function in the GraphicsMagick graphics editor is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to gain access to confidential information or cause service failures...

virt:ol security and bug fix update

qemu-kvm 2.12.0-88.0.1.el810.3 - Added bug30251155-remove-upstream-reference Orabug: 30251155 2.12.0-88.el810.3 - kvm-tcpemu-Fix-oob-access.patch bz1791565 - kvm-slirp-use-correct-size-while-emulating-IRC-commands.patch bz1791565 - kvm-slirp-use-correct-size-while-emulating-commands.patch bz17915...

CentOS 7 : qemu-kvm (RHSA-2020:1116)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1116 advisory. - tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMUIRC. This can cause a heap-based...

qemu security update

CentOS Errata and Security Advisory CESA-2020:1116 An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

Important: Red Hat Security Advisory: container-tools:1.0 security update

An update for the container-tools:1.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RLSA-2020:1360 Important: container-tools:1.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcpemu CVE-2020-7039 For more details about the security issues, including the impact, a CVSS score,...

Important: container-tools:1.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcpemu CVE-2020-7039 For more details about the security issues, including the impact, a CVSS score,...

ALSA-2020:1358 Important: virt:rhel security and bug fix update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...

Important: Red Hat Security Advisory: qemu-kvm-ma security update

An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Important: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

RHEL 7 : qemu-kvm-ma (RHSA-2020:1352)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1352 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide...

RHEL 8 : virt:rhel (RHSA-2020:1344)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1344 advisory. Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packag...

CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block LBA in an iscsicoblockstatus routine. A remote user could use this flaw to crash the QEMU process,...