118 matches found
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the Tulip device emulation in QEMU. When Tulip reads from or writes to the rx/tx descriptor, or copies a rx/tx frame, it does not check whether the destination address is its own MMIO address. This can cause the device to trigger MMIO handlers...
Astra Linux – Vulnerability in Qemu
A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...
Astra Linux – Vulnerability in Qemu
A double-free vulnerability was identified in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto. The memreentrancyguard flag does not provide sufficient protection against reentrancy issues related to DMA operations. This vulnerability could allow a malicious privileged guest user ...
MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2024-8876:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8876:01 advisory. QEMU: virtio: DMA reentrancy issue leads to double free vulnerability CVE-2024-3446 QEMU: Denial of Service via Improper Synchronization in QEMU NBD...
MiracleLinux 9 : qemu-kvm-8.0.0-16.el9.1.ML.1 (AXSA:2023-7001:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7001:07 advisory. QEMU: hcd-ehci: DMA reentrancy issue incomplete fix for CVE-2021-3750 CVE-2023-2680 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : qemu-kvm-7.0.0-13.el9 (AXSA:2023-4972:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4972:01 advisory. QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free CVE-2021-3750 QEMU: fdc: heap buffer overflow in DMA read data transfers CVE-2021-3507...
CLSA-2025-1760021660 qemu-kvm: Fix of 3 CVEs
CVE-2021-3750: fix for DMA reentrancy use-after-free - CVE-2023-2680: final fix for CVE-2021-3750 - CVE-2023-0330: fix reentrancy in LSI53c895a SCSI controller...
EUVD-2021-27145
Malware in sbrugna...
EUVD-2022-35183
Malicious code in bioql PyPI...
EUVD-2023-43711
Malicious code in bioql PyPI...
EUVD-2024-32033
Malicious code in bioql PyPI...
CBL Mariner 2.0 Security Update: qemu (CVE-2023-3019)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3019 advisory. - A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Th...
Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow
...
Updated qemu packages fix security vulnerabilities
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...
MGASA-2024-0387 Updated qemu packages fix security vulnerabilities
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of...
QEMU: virtio: DMA reentrancy issue leads to double free vulnerability
A double free vulnerability was found in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto, where the memreentrancyguard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...
Moderate: qemu-kvm security update
Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow...
USN-7094-1 qemu vulnerabilities
It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2019-20382 It was discovered that QEMU...
AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2024:6964)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6964 advisory. QEMU: virtio: DMA reentrancy issue leads to double free vulnerability CVE-2024-3446 QEMU: Denial of Service via Improper Synchronization in QEMU NBD Serve...
QEMU: virtio: DMA reentrancy issue leads to double free vulnerability
A double free vulnerability was found in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto, where the memreentrancyguard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...