19 matches found
MiracleLinux 7 : qemu-kvm-1.5.3-175.el7.3 (AXSA:2021-1371:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1371:01 advisory. QEMU: loader: OOB access while loading registered ROM may lead to code execution CVE-2020-13765 QEMU: reachable assertion failure in...
Linux Distros Unpatched Vulnerability : CVE-2020-13765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory...
Ubuntu: Security Advisory (USN-7094-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
SUSE: Security Advisory (SUSE-SU-2021:14704-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:1305-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : qemu-kvm (ALAS-2021-1488)
The version of qemu-kvm installed on the remote host is prior to 1.5.3-156.26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1488 advisory. An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the...
Amazon Linux 2 : qemu (ALAS-2021-1617)
The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1617 advisory. An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the romcopy...
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2021-1455)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS: Security Advisory for qemu-img (CESA-2021:0347)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
qemu-kvm security and bug fix update
1.5.3-175.el79.3 - kvm-Suppress-prototype-warning-for-nss-headers.patch bz1884997 - Resolves: bz1884997 qemu-kvm FTBFS on rhel7.9 1.5.3-175.el79.2 - kvm-hw-net-vmxnettxpkt-fix-assertion-failure-in-vmxnet.patch bz1860960 - kvm-hw-core-loader-Fix-possible-crash-in-romcopy.patch bz1842923 - Resolves...
RHEL 7 : qemu-kvm (RHSA-2021:0347)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0347 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide th...
Moderate: Red Hat Security Advisory: qemu-kvm security and bug fix update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
USN-4467-1: QEMU vulnerabilities
Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS...
[SECURITY] [DLA 2262-1] qemu security update
Package : qemu Version : 1:2.1+dfsg-12+deb8u15 CVE ID : CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765 Debian Bug : Several vulnerabilities were fixed in qemu, a fast processor emulator. CVE-2020-1983 slirp: Fix use-after-free in ipreass. CVE-2020-13361 es1370transferaudio in...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
CVE-2020-13765
CVE-2020-13765 affects QEMU 4.0 and 4.1.0, where rom_copy() in hw/core/loader.c does not validate the relationship between two addresses, enabling an out-of-bounds memory copy and potentially code execution. Public advisories (e.g., Oracle Linux ELSA entries and MiracleLinux AXSA-2021-1371) indic...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
CVE-2020-13765
An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the romcopy routine while loading the contents of a 32-bit -kernel image into memory. Running an untrusted -kernel image may load contents at arbitrary memory locations, potentially...