66 matches found
SUSE SLES12: qemu / qemu-arm / qemu-block-curl / qemu-block-iscsi / etc (SUSE-SU-2021:3653-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3653-1 advisory. Security issues fixed: - Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702, CVE-2021-3713 - Fix heap...
SUSE-SU-2021:3613-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - Fix heap use-after-free in virtionetreceivercu bsc1189938, CVE-2021-3748 - Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702, CVE-2021-3713 - usbredir: free call on invalid pointer in bufpalloc...
openSUSE: Security Advisory for qemu (openSUSE-SU-2021:3604-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DSA-4980-1 : qemu - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4980 advisory. Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the the execution of arbitrary code. For t...
CVE-2021-3713
An out-of-bounds write flaw was found in the UAS USB Attached SCSI device emulation of QEMU. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A malicious guest user could use this flaw to crash...
An EPYC escape: Case-study of a KVM breakout
Posted by Felix Wilhelm, Project Zero Introduction KVM for Kernel-based Virtual Machine is the de-facto standard hypervisor for Linux-based cloud environments. Outside of Azure, almost all large-scale cloud and hosting providers are running on top of KVM, turning it into one of the fundamental...
OPENSUSE-SU-2021:0600-1 Security update for qemu
This update for qemu fixes the following issues: - CVE-2020-12829: Fix OOB access in sm501 device emulation bsc1172385 - CVE-2020-25723: Fix use-after-free in usb xhci packet handling bsc1178934 - CVE-2020-25084: Fix use-after-free in usb ehci packet handling bsc1176673 - CVE-2020-25625: Fix...
SUSE-SU-2021:1242-1 Security update for qemu
This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation CVE-2020-12829, bsc1172385 - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation CVE-2020-13362 bsc1172383 - Fix use-after-free in usb xhci packet handling CVE-2020-25723, bsc1178934 - Fix...
QEMU 资源管理错误漏洞
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU ESP Device Emulation has a security vulnerability that can be exploited by an attacker to allow the use of multiple exploits via device...
EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1763)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...
QEMU heap buffer overflow vulnerability (CNVD-2021-09804)
QEMU is a set of simulation processors written by Fabrice Bellard and distributed with source code under the GPL license, widely used on the GNU/Linux platform. QEMU 5.0.0 and earlier versions of SDHCI device emulation support suffer from a heap buffer overflow vulnerability when performing a...
Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
This post is a companion to the DEF CON 28 video available here Breaking the Firmware of Samsung’s NFC Chips Recently I have been looking into how to push the capabilities of my old smartphones beyond what you could traditionally do just by rooting it. Smartphones contain huge amounts of hardware...
CVE-2020-17380
A flaw was found in QEMU. A heap-based buffer overflow vulnerability was found in the SDHCI device emulation support allowing a guest user or process to crash the QEMU process on the host resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU...
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2020:2015-1)
This update for qemu to version 4.2.1 fixes the following issues : CVE-2020-10761: Fixed a denial of service in Network Block Device nbd support infrastructure bsc1172710. CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation bsc1172495. CVE-2020-13659: Fixed a NULL pointer...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:1241-1)
This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-2620: In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation bsc1024972 -...
USN-3268-1: QEMU vulnerabilities
Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-10028 It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:0625-1)
This update for qemu fixes several issues. These security issues were fixed : - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS bsc1023907. - CVE-2017-5857: The Virtio...
Security update for qemu (important)
qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation bsc980711 - CVE-2016-4441: Avoid OOB access in 53C9X emulation bsc980723 - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation bsc981266 - CVE-2015-8817: Avoi...
CVE-2015-5158
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAPSYSRAWIO permissions to cause a denial of service instance crash via an invalid opcode in a SCSI command descriptor block...
CVE-2015-5158
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAPSYSRAWIO permissions to cause a denial of service instance crash via an invalid opcode in a SCSI command descriptor block...