26 matches found
Astra Linux - vulnerability in qemu
QEMU 4.2.0 has a use-after-free issue in hw/net/e1000e_core.c, as a user of the guest OS can trigger an e1000e packet with the data’s address set to the e1000e’s MMIO address...
Astra Linux - vulnerability in qemu
A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...
Astra Linux - vulnerability in qemu
An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...
QEMU security vulnerability
QEMU (Quick Emulator) is processor emulation software developed by Fabrice Bellard from France. The software is fast and cross-platform. QEMU has a security vulnerability, which stems from the lack of length restrictions on the virtio-crypto device. This...
MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2021-2165:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2165:01 advisory. libvirt: double free in qemuAgentGetInterfaces in qemu_agent.c (CVE-2020-25637); QEMU: heap buffer overflow in msix_table_mmio_write in hw/pci/msix.c...
DEBIAN-CVE-2024-8354
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition...
SUSE CVE-2016-5337
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information...
Intel HAXM security vulnerability
Intel HAXM (Intel Hardware Accelerated Execution Manager) is a cross-platform hardware-assisted virtualization engine (hypervisor) from Intel Corporation that is widely used as an accelerator for Android Emulator and QEMU. A security vulnerability exists in Intel Hardware Accelerated Execution Manager...
Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide
Researchers on Monday took the wraps off a newly discovered Linux and Windows re-implementation of Cobalt Strike Beacon that's actively set its sights on government, telecommunications, information technology, and financial institutions in the wild. The as-yet undetected version of the penetratio...
Daemon Tools Pro input validation error vulnerability
Daemon Tools Pro is emulation software that facilitates the creation and mounting of disk images. An input validation error vulnerability exists in Daemon Tools Pro. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor...
QEMU security vulnerability
QEMU (Quick Emulator) is processor emulation software by Fabrice Bellard, an independent French developer. The software is fast and cross-platform. A security vulnerability exists in QEMU that stems from a flaw found in USB redirection device emulation in versions of QEMU prior to 6.1.0-rc2...
UBUNTU-CVE-2019-20808
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define routine while handling MMIO write operations through the ati_mm_write callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service...
QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host
A potential directory traversal issue was found in the tftp server of the SLiRP user-mode networking implementation used by QEMU. It could occur on a Windows host, as it allows the use of both forward slash '/' and backward slash '\' tokens as separators in a file path. A user able to access the tftp...
QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure...
QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams
A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...
QEMU 'b/nbd/server.c' Denial of Service Vulnerability
QEMU (aka Quick Emulator) is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU 'b/nbd/server.c'. An attacker can exploit the vulnerability to cause a denial of service...
UBUNTU-CVE-2017-2615
Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...
qemu: pcnet: multi-tmd buffer overflow in the tx path
A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the...
UBUNTU-CVE-2015-4106
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors...
qemu: virtio: out-of-bounds buffer write on state load with invalid config_len
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image...