306 matches found
PT-2024-29640 · Bhyve +1
Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: Malicious software running in a guest VM can exploit a buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. The bhyve process ru...
PT-2024-8702 · Bhyve +1
Name of the Vulnerable Software and Affected Versions: bhyve affected versions not specified Description: The issue is related to an insufficient boundary validation in the USB code, which could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privilege...
The hardware emulation in the of_dpa_cmd_add_l2_flood function of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
...
CVE-2024-22267
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...
Corel Parallels Desktop Security Vulnerability
Parallels Desktop is virtual machine management software that runs on Mac computers and allows users to easily run Windows/Linux operating systems and applications under macOS. A malicious program inside the isolated virtual machine can escape the virtual machine to execute arbitrary code on the host compute...
UBUNTU-CVE-2024-3446
A double free vulnerability was found in QEMU virtio devices virtio-gpu, virtio-serial-bus, virtio-crypto, where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host,...
CVE-2022-23092
The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The bug can be triggered by a malicious bhyve gue...
SUSE CVE-2022-36648
The hardware emulation in the of_dpa_cmd_add_l2_flood function of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been disputed by multiple third...
AZL-28069 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-17
The hardware emulation in the of_dpa_cmd_add_l2_flood function of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been disputed by multiple third...
AZL-35162 CVE-2022-36648 affecting package qemu for versions less than 6.2.0-18
The hardware emulation in the of_dpa_cmd_add_l2_flood function of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been disputed by multiple third...
PT-2023-4550 · Qemu +2
Name of the Vulnerable Software and Affected Versions: QEMU versions 7.0.0 and earlier Description: The issue is related to errors in pointer dereferencing in the of_dpa_cmd_add_l2_flood module of the QEMU hardware emulator. Exploitation of this issue may allow a remote attacker to cause a denial...
CVE-2023-3494
The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copyin...
GHSA-CH3R-J5X3-6Q2M vm2 Sandbox Escape vulnerability
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox and run arbitrary code in host context. Impact: A threat actor can bypass the sandbox...
PT-2023-2417
Name of the Vulnerable Software and Affected Versions: vm2 versions up to 3.9.16 Description: The issue exists due to inadequate sanitization of special elements in the handleException function of the vm2 library, allowing a remote attacker to escape the sandbox and execute arbitrary code in the ho...
CVE-2021-45464
Removed by vendor...
GHSA-XJ72-WVFV-8985 vm2 Sandbox Escape vulnerability
There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. Impact: A threat...
PT-2023-9255 · Parallels · Parallels Desktop
Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: The issue is related to a heap-based buffer overflow in the Toolgate component of Parallels Desktop, which can be exploited by local attackers to escalate privileges and execute...
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non-direct-access region, because num_buffers is set after the virtqueue element has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
...
SUSE CVE-2015-5154
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...
SUSE CVE-2015-5225
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...