21 matches found
Astra Linux - уязвимость в qemu
A NULL pointer dereference flaw was discovered in the floppy disk emulator of QEMU. This issue occurs when processing read/write ioport commands, especially if the selected floppy drive is not initialized using a block device. This flaw allows a privileged guest user to crash the QEMU process on...
Astra Linux - уязвимость в qemu
A use-after-free flaw was discovered in the MegaRAID emulator of QEMU. This issue occurs during the processing of SCSI I/O requests when the mptsasfreerequest function fails to dequeue the request object ‘req’ from the pending requests queue. This flaw allows a privileged guest user to crash the...
CVE-2019-20175
An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 the size...
EUVD-1999-0265
Malware in sbrugna...
EUVD-2024-44292
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsasfreerequest...
UBUNTU-CVE-2024-8354
A flaw was found in QEMU. An assertion failure was present in the usbepget function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition...
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service.
...
SUSE CVE-2013-1935
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux RHEL 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service host OS crash by leveraging a time window during which interrup...
SUSE CVE-2020-27661
A divide-by-zero issue was found in dwc2handlepacket in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service...
AZL-35164 CVE-2022-4144 affecting package qemu for versions less than 6.2.0-18
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...
CVE-2021-3582
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMACMDCREATEMR" command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3655-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3655-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a...
Unspecified vulnerability in Linux kernel (CNVD-2021-84584)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel powerpc prior to version 5.14.15, which stems from an implementation error in arch/powerpc/kvm/book3shvrmhandlers when handling...
Vulnerabilities fixed in Citrix Hypervisor (Xen)
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a local malicious person with elevated permissions on a guest system able to cause the host system to crash. Citrix has released updates to fix the vulnerabilities. More information can be found on the page below:...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2020-52384)
SAP 3D Visual Enterprise Viewer VEV is a suite of software from SAP for viewing, zooming, panning and rotating interactive 3D data and playing step-by-step animations. An input validation error vulnerability exists in SAP 3D Visual Enterprise Viewer, which could be exploited by an attacker to cau...
Microsoft Windows Hyper-V Denial of Service Vulnerability (CNVD-2019-38765)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...
UBUNTU-CVE-2017-17563
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service host OS crash or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode...
DEBIAN-CVE-2016-9923
Quick Emulator Qemu built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS...
Xen Denial of Service Vulnerability (CNVD-2015-08402)
Xen is an open source virtual machine monitor product developed at the University of Cambridge in the United Kingdom. Xen has a security vulnerability that allows an attacker to exploit the vulnerability to crash the host with virtual machine administrator privileges to conduct a denial of servic...