26 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 13 views

Astra Linux - vulnerability in qemu

An out-of-bounds write flaw was discovered in the UAS (USB-attached SCSI) device emulation in QEMU in versions prior to 6.2.0-rc0. The device uses the guest-provided stream number without proper checking, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A...

CVSS 7.4 | AI score 6.9 | EPSS 0.00103
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in qemu

An infinite loop flaw was discovered in the USB xHCI controller emulation of QEMU while calculating the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to halt the QEMU process on the host, resulting in a denial of service...

CVSS 3.2 | AI score 6.2 | EPSS 0.00025
Exploits: 1 | References: 2

Vulnrichment
added 2025/12/31 9:36 p.m. | 1 views

CVE-2025-34469 Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification

Cowrie versions prior to 2.9.0 contain a server-side request forgery (SSRF) vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...

CVSS 6.9 | AI score 7.1 | EPSS 0.00292
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-23173

Malware in sbrugna...

CVSS 6 | AI score 6.5 | EPSS 0.00117
Exploits: 0 | References: 10

Tenable Nessus
added 2025/08/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-2596

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS...

CVSS 6.5 | AI score 6.7 | EPSS 0.00049
Exploits: 0 | References: 2

BDU FSTEC
added 2024/04/16 12:0 a.m. | 1 views

The vulnerability of the SCSI CD/DVD Device Emulation mode in VMware Fusion and VMware Workstation allows a hacker to execute arbitrary code.

The vulnerability of the SCSI CD/DVD Device Emulation mode in VMware Fusion and VMware Workstation lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

CVSS 8.8 | AI score 8.6 | EPSS 0.01108
Exploits: 0 | References: 4 | Affected Software: 2

SUSE CVE
added 2023/02/15 4:7 a.m. | 1 views

SUSE CVE-2019-18425

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performe...

CVSS 7.8 | AI score 6 | EPSS 0.04874
Exploits: 0 | References: 13

SUSE CVE
added 2023/02/15 3:48 a.m. | 2 views

SUSE CVE-2021-3713

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest use...

CVSS 7.8 | AI score 7.8 | EPSS 0.00103
Exploits: 0 | References: 21

SUSE CVE
added 2023/02/15 3:34 a.m. | 2 views

SUSE CVE-2022-1050

A flaw was found in the QEMU implementation of VMware's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition...

CVSS 8.2 | AI score 7.2 | EPSS 0.00029
Exploits: 0 | References: 8

BDU FSTEC
added 2022/09/19 12:0 a.m. | 1 views

The vulnerability of the PVRDMA_CMD_CREATE_MR command in the QEMU hardware emulation software allows a hacker to trigger a service failure.

The vulnerability of the PVRDMA_CMD_CREATE_MR command in the QEMU hardware emulation software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to cause a system failure...

CVSS 6.5 | AI score 6.8 | EPSS 0.00162
Exploits: 1 | References: 9 | Affected Software: 4

OSV
added 2022/08/17 9:15 p.m. | 0 views

UBUNTU-CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...

CVSS 3.2 | AI score 7.1 | EPSS 0.00025
Exploits: 1 | References: 4

OSV
added 2022/04/29 5:15 p.m. | 0 views

UBUNTU-CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

CVSS 8.2 | AI score 7.4 | EPSS 0.00051
Exploits: 1 | References: 5

BDU FSTEC
added 2021/10/27 12:0 a.m. | 1 views

The vulnerability of the hw/display/ati_2d.c component in the hardware/display/ati_2d emulation software by QEMU, due to incorrect calculations, allows a hacker to trigger a service failure.

The vulnerability of the hw/display/ati_2d.c component in the hardware/display/ati_2d emulator of QEMU is related to incorrect calculations. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 6.5 | AI score 6.9 | EPSS 0.00503
Exploits: 0 | References: 9 | Affected Software: 4

RedHat Linux
added 2020/09/29 10:31 p.m. | 1 views

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

CVSS 6.8 | AI score 7.1 | EPSS 0.00438
Exploits: 1 | References: 4

OSV
added 2018/07/30 3:29 p.m. | 1 views

DEBIAN-CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag (TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception (#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to...

CVSS 7.8 | AI score 6.3 | EPSS 0.0009
Exploits: 0 | References: 1

OSV
added 2018/06/14 12:29 p.m. | 1 views

CVE-2018-8219

An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

CVSS 8.8 | AI score 5.8 | EPSS 0.00336
Exploits: 0 | References: 3

OSV
added 2017/02/06 12:0 a.m. | 0 views

UBUNTU-CVE-2017-2596

The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references...

CVSS 6.5 | AI score 6.8 | EPSS 0.00049
Exploits: 0 | References: 8

OSV
added 2017/01/23 9:59 p.m. | 2 views

ALPINE-CVE-2016-9385

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks...

CVSS 6 | AI score 6.3 | EPSS 0.00104
Exploits: 0 | References: 1

OSV
added 2016/05/12 2:33 p.m. | 1 views

USN-2974-1 qemu, qemu-kvm vulnerabilities

Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2016-2391) Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A...

CVSS 9.8 | AI score 7 | EPSS 0.07866
Exploits: 0 | References: 13

RedHat Linux
added 2015/06/23 8:28 a.m. | 2 views

kernel: int80 fork from 64-bit tasks mishandling

A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system...

CVSS 1.9 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 4