Lucene search

21 matches found

SUSE CVE
added 2023/02/15 6:6 a.m. · 2 views

SUSE CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorre...

CVSS 7.2 · AI score 7.4 · EPSS 0.00048
Exploits 0 · References 5

Veracode
added 2019/05/02 6:36 a.m. · 38 views

Denial Of Service (DoS) Through Divide By Zero

QEMU is vulnerable to denial of service (DoS) through divide by zero attacks. This occurs in the cirrus_do_copy function in hw/display/cirrus_vga.c when cirrus graphics mode is VGA. Privileged users could cause divide-by-zero error and a process crash via vectors involving blit pitch values...

CVSS 5.5 · AI score 6.6 · EPSS 0.00049
Exploits 0 · References 216 · Affected Software 2

OSV
added 2018/07/27 9:29 p.m. · 2 views

ALPINE-CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

CVSS 9.9 · AI score 7.9 · EPSS 0.00634
Exploits 0 · References 1

Tenable Nessus
added 2018/05/30 12:0 a.m. · 69 views

Debian DSA-4213-1 : qemu - security update (Spectre)

Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. - CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. -...

CVSS 10 · AI score 7.4 · EPSS 0.88482
Exploits 10 · References 34

RedHat Linux
added 2018/05/10 4:5 p.m. · 1 views

QEMU: cirrus: OOB access when updating VGA display

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display...

CVSS 5.5 · AI score 7.2 · EPSS 0.00055
Exploits 0 · References 4

RedHat Linux
added 2017/12/14 10:10 p.m. · 0 views

Qemu: cirrus: OOB access issue in mode4and5 write functions

Quick emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside guest could use this flaw to crash the QEMU process resulting in Deni...

CVSS 6 · AI score 7.2 · EPSS 0.00029
Exploits 0 · References 4

RedHat Linux
added 2017/08/01 4:4 p.m. · 1 views

Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy

The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values...

CVSS 5.5 · AI score 7.3 · EPSS 0.00049
Exploits 0 · References 4

RedHat Linux
added 2017/06/14 3:20 p.m. · 2 views

Qemu: cirrus: heap buffer overflow via vnc connection

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash...

CVSS 9.9 · AI score 7.8 · EPSS 0.00634
Exploits 0 · References 4

RedHat Linux
added 2017/06/14 3:20 p.m. · 1 views

Qemu: display: cirrus: OOB read access issue

An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in...

CVSS 5.5 · AI score 7.3 · EPSS 0.00103
Exploits 0 · References 4

RedHat Linux
added 2017/05/09 12:29 p.m. · 3 views

Qemu: cirrus: heap buffer overflow via vnc connection

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash...

CVSS 9.9 · AI score 7.8 · EPSS 0.00634
Exploits 0 · References 4

OSV
added 2017/04/20 12:0 a.m. · 0 views

UBUNTU-CVE-2017-7718

hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions...

CVSS 5.5 · AI score 6.7 · EPSS 0.00103
Exploits 0 · References 3

Debian CVE
added 2017/03/27 3:0 p.m. · 37 views

CVE-2016-9922

The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values...

CVSS 5.5 · AI score 7 · EPSS 0.00049
Exploits 0

RedHat Linux
added 2017/03/02 5:7 p.m. · 2 views

Qemu: display: cirrus: oob access while doing bitblt copy backward mode

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...

CVSS 9.1 · AI score 7.7 · EPSS 0.0101
Exploits 0 · References 4

RedHat Linux
added 2017/03/01 7:59 a.m. · 2 views

Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute...

CVSS 9.9 · AI score 7.7 · EPSS 0.0241
Exploits 0 · References 5

RedHat Linux
added 2017/02/27 11:12 p.m. · 1 views

Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute...

CVSS 9.9 · AI score 7.7 · EPSS 0.0241
Exploits 0 · References 5

Positive Technologies
added 2017/01/13 12:0 a.m. · 2 views

PT-2017-10387 · Qemu Team +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU (aka Quick Emulator) versions (affected versions not specified). Description: The issue allows local guest OS privileged users to cause a denial of service, resulting in a divide-by-zero error and QEMU process crash. This is achieved through...

CVSS 10 · AI score 7.4 · EPSS 0.88482
Exploits 11 · References 398

OSV
added 2016/12/23 12:0 a.m. · 0 views

UBUNTU-CVE-2016-9921

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host,...

CVSS 6.5 · AI score 6.9 · EPSS 0.00075
Exploits 0 · References 4

RedHat Linux
added 2015/04/28 5:40 a.m. · 2 views

qemu: cirrus: insufficient blit region checks

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data...

CVSS 4.6 · AI score 7.4 · EPSS 0.00246
Exploits 0 · References 4

Tenable Nessus
added 2009/07/21 12:0 a.m. · 31 views

openSUSE Security Update : kvm (kvm-412)

Rogue VNC clients could make the built in VNC server of kvm run into an infinite loop (CVE-2008-2382). An off-by-one bug limited the length of VNC passwords to seven instead of eight (CVE-2008-5714). Virtualized guests could potentially execute code on the host by triggering a buffer overflow in the...

CVSS 7.8 · AI score 8.7 · EPSS 0.21405
Exploits 1 · References 8

OpenVAS
added 2009/05/19 12:0 a.m. · 26 views

Debian: Security Advisory (DSA-1799-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.2 · AI score 7.8 · EPSS 0.00103
Exploits 1 · References 3