306 matches found

RedHat Linux
added 2020/10/05 1:11 p.m. · 1 views

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process,...

CVSS 5 · AI score 7.2 · EPSS 0.05447 · Exploits 1 · References 6

RedHat Linux
added 2020/09/30 10:9 a.m. · 1 views

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process,...

CVSS 5 · AI score 7.2 · EPSS 0.05447 · Exploits 1 · References 6

RedHat Linux
added 2020/09/29 10:21 p.m. · 1 views

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process,...

CVSS 5 · AI score 7.2 · EPSS 0.05447 · Exploits 1 · References 6

RedHat Linux
added 2020/09/29 8:27 a.m. · 2 views

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process,...

CVSS 5 · AI score 7.2 · EPSS 0.05447 · Exploits 1 · References 6

CNVD
added 2020/09/28 12:0 a.m. · 2 views

QEMU heap buffer overflow vulnerability (CNVD-2020-54916)

QEMU is a set of simulation processors written by Fabrice Bellard and distributed with source code under the GPL license, widely used on the GNU/Linux platform. A security vulnerability exists in QEMU, which originates in hw/sd/sdhci.c that triggers a memory corruption, which triggers a denial of...

CVSS 5 · AI score 8.9 · EPSS 0.00631 · Exploits 1 · References 1

CNVD
added 2020/09/28 12:0 a.m. · 1 views

QEMU Reuse After Release Vulnerability

QEMU (Quick Emulator) is a set of simulation processor software by French software developer Fabrice Bellard. The software is fast and cross-platform, among other characteristics. QEMU has a security vulnerability that originates from hw/usb/hcd-ehci.c that forces the use of a freed memory area to trigge...

CVSS 3.2 · AI score 7.9 · EPSS 0.00338 · Exploits 0 · References 1

Microsoft CVE
added 2020/09/25 12:0 a.m. · 2 views

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

...

CVSS 10 · AI score 7 · EPSS 0.06112 · Exploits 0

Microsoft CVE
added 2020/09/04 7:0 a.m. · 3 views

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

...

CVSS 5 · AI score 7 · EPSS 0.05447 · Exploits 1

Positive Technologies
added 2020/08/26 12:0 a.m. · 3 views

PT-2022-7369 · Qemu +11

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 7.0.0

Description: A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted conte...

CVSS 8.8 · AI score 7.1 · EPSS 0.02904 · Exploits 13 · References 252

OSV
added 2020/08/24 12:0 p.m. · 1 views

UBUNTU-CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash...

CVSS 5 · AI score 7.1 · EPSS 0.05447 · Exploits 1 · References 6

CNVD
added 2020/07/20 12:0 a.m. · 1 views

Microsoft Windows Hyper-V RemoteFX vGPU Input Validation Error Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices. Microsoft Windows Server is a set of server operating systems. Hyper-V RemoteFX vGPU is one of the GPU virtualization and remote...

CVSS 9 · AI score 7.6 · EPSS 0.05466 · Exploits 0 · References 1

CNVD
added 2020/07/20 12:0 a.m. · 3 views

Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability (CNVD-2020-45323)

Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU. An attacker can exploit this vulnerability by running a specially crafted application on a virtual machine operating system to execute arbitrary code on the host operating...

CVSS 9 · AI score 8.1 · EPSS 0.06236 · Exploits 0 · References 1

RedHat Linux
added 2020/06/24 12:34 p.m. · 1 views

QEMU: Slirp: potential OOB access due to unsafe snprintf() usages

An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in tcp_emu routine while emulating IRC and other protocols due to unsafe usage of the snprintf(3) function. A user or process could use this flaw to crash the QEMU process...

CVSS 6.8 · AI score 7.2 · EPSS 0.02486 · Exploits 0 · References 4

Gitee
added 2020/04/26 9:31 a.m. · 6 views

vmware_escape

This is an exploit module for VMware Workstation prior to version 12.5.5. The exploit targets a vulnerability in the way VMware handles certain types of memory access, allowing an attacker to execute arbitrary code on the host system. The exploit is designed to be used by an attacker who has gain...

AI score 7.8 · Exploits 0

RedHat Linux
added 2020/04/07 10:32 a.m. · 3 views

QEMU: Slirp: potential OOB access due to unsafe snprintf() usages

An out-of-bounds heap buffer access flaw was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in tcp_emu routine while emulating IRC and other protocols due to unsafe usage of the snprintf(3) function. A user or process could use this flaw to crash the QEMU process...

CVSS 6.8 · AI score 7.2 · EPSS 0.02486 · Exploits 0 · References 4

OSV
added 2020/03/14 1:15 a.m. · 2 views

CVE-2020-10565

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command read or write by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhy...

CVSS 7.8 · AI score 6.2 · EPSS 0.0041 · Exploits 0 · References 1

Gitee
added 2020/02/06 8:19 p.m. · 10 views

Exploit for OS Command Injection in Docker

This is a PoC exploit for CVE-2019-5736, a Docker escape vulnerability. The target product/service is Docker, and the vulnerability class/vector is a Docker escape. The probable entry point is the Dockerfile, which contains a series of RUN commands that ultimately lead to the execution of the...

CVSS 9.3 · AI score 8.1 · EPSS 0.9589 · Exploits 33

CNVD
added 2019/11/21 12:0 a.m. · 2 views

VMware Workstation and VMware Fusion Out-of-Bounds Write Vulnerability

VMware Workstation is a desktop virtual computing software from VMware with Windows and Linux versions. VMware Fusion is a virtual machine hypervisor developed by VMware for Macintosh computers. An out-of-bounds write vulnerability exists in the e1000e virtual network adapter in VMware Workstatio...

CVSS 9.1 · AI score 7.5 · EPSS 0.01412 · Exploits 0 · References 1

OSV
added 2019/11/20 4:15 p.m. · 1 views

CVE-2019-5541

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service...

CVSS 9.1 · AI score 7.7 · EPSS 0.01412 · Exploits 0 · References 1

RedHat Linux
added 2019/09/24 1:40 p.m. · 0 views

QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams

A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...

CVSS 8.2 · AI score 7.7 · EPSS 0.0083 · Exploits 0 · References 4