13 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-9375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QEMU aka Quick Emulator, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service infinite...
SUSE: Security Advisory (SUSE-SU-2017:2946-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1927-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1927-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u12 CVE ID : CVE-2016-5126 CVE-2016-5403 CVE-2017-9375 CVE-2019-12068 CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 CVE-2019-15890 Debian Bug : 826151 832619 864219 929353 931351 933741 933742 939868 939869 Several vulnerabilities were found in QEMU, a fa...
SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1)
This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-15289: The mode4and5 write functions allowed local OS guest privileged users to cause a denial of service out-of-bounds write access and Qemu process crash via vectors related to dst calculation bsc1063122 -...
SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1)
This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-10911: The makeresponse function in the Linux kernel allowed guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fiel...
Ubuntu: Security Advisory (USN-3414-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-3414-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3414-1 advisory. Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges insid...
Moderate: Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update
An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7, Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7, Red Hat OpenStack Platform 8.0 Liberty, Red Hat OpenStack Platform 9.0 Mitaka, Red Hat OpenStack Platform 10.0 Newton,...
[SECURITY] [DSA 3920-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3920-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2017 https://www.debian.org/security/faq -...
Security update for qemu (important)
This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value bsc1042159. - CVE-2017-8379: Memory leak in the keyboard input...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1774-1)
This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value bsc1042159. - CVE-2017-8379: Memory leak in the keyboard input...
CVE-2017-9375
CVE-2017-9375 affects QEMU when built with USB xHCI controller emulation. A local privileged guest user can trigger a denial of service via infinite recursion through control transfer descriptor sequencing. The CVE is listed among fixes in Red Hat RHSA-2017:2408 and appears in multiple advisories...