SUSE CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

SUSE CVE-2016-6351

The espdodma function in hw/scsi/esp.c in QEMU aka Quick Emulator, when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash or execute arbitrary code on the QEMU host via vectors involvi...

SUSE CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

SUSE CVE-2017-2620

Quick emulator QEMU before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrusbitbltcputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

SUSE CVE-2017-8903

Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213...

SUSE CVE-2017-8904

Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOPtransfer aka guest transfer operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...

SUSE CVE-2017-14167

Integer overflow in the loadmultiboot function in hw/i386/multiboot.c in QEMU aka Quick Emulator allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write...

SUSE CVE-2017-15588

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry...

SUSE CVE-2021-3713

An out-of-bounds write flaw was found in the UAS USB Attached SCSI device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A malicious guest use...

SUSE CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

SUSE CVE-2021-3929

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

SUSE CVE-2021-21261

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. This sandbox-escape bug is present in versio...

Tenable.sc 输入验证错误漏洞

Tenable Network Security Tenable.Sc is a vulnerability analysis solution from Tenable Network Security, USA. Sc is a vulnerability analysis solution from Tenable Network Security, Inc. that supports real-time vulnerability assessment and management, among other things. A security vulnerability...

QEMU 资源管理错误漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. QEMU suffers from a security vulnerability that originates from the fact that an attacker on a client system can force the reuse of a freed...

OESA-2022-1733 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset...

QEMU: virtio-net: map leaking on error during receive

A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit...

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

...

AZL-9701 CVE-2021-3750 affecting package qemu for versions less than 6.2.0-16

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

UBUNTU-CVE-2021-4207

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

CVE-2022-20718

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...