Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001344)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001344 advisory. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002661 advisory. The cdromioctlmediachanged function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003116)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003116 advisory. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to...

CVE-1999-0594

A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive...

EUVD-1999-0577

Malware in sbrugna...

K17057: QEMU vulnerabilities CVE-2015-3214, CVE-2015-5154, and CVE-2015-5158

Security Advisory Description CVE-2015-3214 An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pitioportread function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare case...

SUSE CVE-2018-16658

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940...

kernel: Information leak in cdrom_ioctl_drive_status

An information leak was discovered in the Linux kernel in cdromioctldrivestatus function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location...

kernel: Information leak in cdrom_ioctl_drive_status

An information leak was discovered in the Linux kernel in cdromioctldrivestatus function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location...

kernel: Information leak in cdrom_ioctl_drive_status

An information leak was discovered in the Linux kernel in cdromioctldrivestatus function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location...

Heap-Based Buffer Overflow

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer...

Linux kernel information disclosure vulnerability (CNVD-2018-18597)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the 'cdromioctldrivestatus' function in the drivers/cdrom/cdrom.c file in versions of the Linux kernel prior to 4.18....

UBUNTU-CVE-2017-12809

QEMU aka Quick Emulator, when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service NULL pointer dereference and QEMU process crash by flushing an empty CDROM device drive...

DEBIAN-CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

Heap overflow

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

CVE-2015-5154

CVE-2015-5154 is a heap-based buffer overflow in QEMU’s IDE subsystem (ATAPI handling). A privileged guest with a CDROM drive enabled could potentially execute arbitrary host code via crafted ATAPI I/O. Public docs specify this as a host-attack surface when CD-ROM access is present; Debian securi...

CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

FreeBSD : qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands (da451130-365d-11e5-a4a5-002590263bf5)

The Xen Project reports : A heap overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the...

Xen Patches VM Escape Flaw

The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem...