CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

3.2CVSS6.6AI score0.00357EPSS

Astra Linux – Vulnerability in Qemu

A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...

AstraLinux•added 2026/06/19 11:10 a.m.•10 views

Astra Linux – Vulnerability in Linux, Linux 5.10

There is a bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space...

5.5CVSS6.6AI score0.00228EPSS

5.5CVSS6AI score0.00225EPSS

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark the target gfn of the emulated atomic instruction as dirty. When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to execute but fails without...

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability in Qemu

A use-after-free vulnerability was discovered in the LSI53C895A SCSI Host Bus Adapter emulation in QEMU. The flaw occurs during the processing of repeated messages to cancel the current SCSI request using the lsidomsgout function. This flaw allows a malicious privileged user within the guest to...

4.4CVSS6.7AI score0.00405EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Qemu

QEMU 4.2.0 has a use-after-free issue in hw/net/e1000ecore.c, as a user of the guest OS can trigger an e1000e packet with the data’s address set to the e1000e’s MMIO address...

3.3CVSS6.4AI score0.00437EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Qemu

A reentrancy issue related to DMA was discovered in the USB EHCI controller emulation of QEMU. EHCI does not verify whether the Buffer Pointer overlaps with its MMIO region when transferring USB packets. Crafted content may be written to the controller’s registers, potentially triggering...

8.2CVSS7AI score0.0053EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•13 views

Astra Linux – Vulnerability in Qemu

A out-of-bounds write flaw was discovered in the UAS USB-attached SCSI device emulation in QEMU in versions prior to 6.2.0-rc0. The device uses the guest-provided stream number without proper checking, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A...

7.4CVSS6.8AI score0.00566EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•1 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICCSGIEL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest has not been configured with a GICv3, and the host is not capable of emulating GICv2, writing to any of the ICCSGIEL1 registers will...

5.5CVSS6.2AI score0.00232EPSS

4.4CVSS5.8AI score0.00315EPSS

Astra Linux – Vulnerability in Qemu

A NULL pointer dereference flaw was discovered in the am53c974 SCSI host bus adapter emulation in QEMU in versions prior to 6.0.0. This issue occurs when handling the “Information Transfer” command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a...

8.2CVSS7.4AI score0.00399EPSS

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the QXL display device emulation in QEMU. The double retrieval of the guest-controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object, followed by a subsequent heap-based buffer overflow. A malicious privileged gues...

AstraLinux•added 2026/06/19 11:10 a.m.•6 views

Astra Linux – Vulnerability in Qemu

An infinite loop flaw was discovered in the USB xHCI controller emulation of QEMU while calculating the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to halt the QEMU process on the host, resulting in a denial of service...

3.2CVSS5.6AI score0.00363EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Do not retire an aborted MMIO instruction Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. However, it’s clear that this functionality has been tested limitedly, ...

5.5CVSS6.3AI score0.00217EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in Qemu

An “off-by-one” error was detected in the SCSI device emulation in QEMU. This error could occur during the processing of MODE SELECT commands in modesensepage, if the ‘page’ argument is set to MODEPAGEALLS 0x3f. A malicious guest could exploit this flaw to potentially cause QEMU to crash, resulti...

6.5CVSS6.7AI score0.00338EPSS

AstraLinux•added 2026/06/19 11:10 a.m.•4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn’t valid Skip the WRMSR and HLT fastpaths in SVM’s VM-Exit handler if the next RIP isn’t valid, for example, because KVM is running with nrips=false. SVM must decode and...

5.8AI score0.00197EPSS