307 matches found

RedHat Linux
added 2019/09/24 1:40 p.m. | 0 views

QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams

A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...

CVSS 8.2 | AI score 7.7 | EPSS 0.00054
Exploits 0 | References 4

RedHat Linux
added 2019/08/22 9:19 a.m. | 0 views

QEMU: device_tree: heap buffer overflow while loading device tree blob

A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

CVSS 9.8 | AI score 7.6 | EPSS 0.03497
Exploits 0 | References 4

RedHat Linux
added 2019/08/15 4:3 p.m. | 0 views

QEMU: device_tree: heap buffer overflow while loading device tree blob

A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

CVSS 9.8 | AI score 7.6 | EPSS 0.03497
Exploits 0 | References 4

OSV
added 2019/08/14 9:15 p.m. | 1 views

CVE-2019-0965

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

CVSS 7.6 | AI score 7.9 | EPSS 0.00538
Exploits 0 | References 1

RedHat Linux
added 2019/07/10 2:2 p.m. | 1 views

QEMU: device_tree: heap buffer overflow while loading device tree blob

A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

CVSS 9.8 | AI score 7.6 | EPSS 0.03497
Exploits 0 | References 4

OSV
added 2019/06/12 2:29 p.m. | 3 views

CVE-2019-0620

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

CVSS 7.6 | AI score 6.6 | EPSS 0.00555
Exploits 0 | References 2

OSV
added 2019/06/06 7:29 p.m. | 0 views

CVE-2019-5525

VMware Workstation 15.x before 15.1.0 contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where...

CVSS 8.8 | AI score 7.2
Exploits 0 | References 2

OSV
added 2019/04/02 3:29 p.m. | 0 views

CVE-2019-5524

VMware Workstation 14.x before 14.1.6 and Fusion 10.x before 10.1.6 contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host...

CVSS 8.8 | AI score 7.5
Exploits 0 | References 3

CNVD
added 2018/12/12 12:0 a.m. | 1 views

QEMU Media Transport Protocol Directory Traversal Vulnerability

QEMU aka Quick Emulator is a suite of simulation processor software. The software is fast and cross-platform. A security vulnerability exists in the media transfer protocol in versions of QEMU prior to 3.1.0, which stems from the program's failure to properly filter usernames. An attacker could...

CVSS 7.8 | AI score 7.3 | EPSS 0.00142
Exploits 0 | References 1

OSV
added 2018/11/26 2:23 p.m. | 0 views

USN-3826-1 qemu vulnerabilities

Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-10839) It was discovered that QEMU incorrectly handled the Slirp networking back-en...

CVSS 9.8 | AI score 6.9 | EPSS 0.11739
Exploits 7 | References 11

CNVD
added 2018/11/12 12:0 a.m. | 2 views

VMware ESXi, Workstation and Fusion Uninitialized Stack Memory Usage Vulnerability

VMware ESXi, Workstation, and Fusion are all products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers; VMware Workstation is a suite of virtual machine software; and Fusion is a suite of virtual machine software that is designed t...

CVSS 8.8 | AI score 8.2 | EPSS 0.06846
Exploits 1 | References 1

RedHat Linux
added 2018/09/25 7:14 p.m. | 0 views

QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams

A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS...

CVSS 8.2 | AI score 7.7 | EPSS 0.00054
Exploits 0 | References 4

OSV
added 2018/07/27 9:29 p.m. | 1 views

ALPINE-CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

CVSS 9.9 | AI score 7.9 | EPSS 0.00634
Exploits 0 | References 1

OSV
added 2018/07/27 7:29 p.m. | 1 views

ALPINE-CVE-2017-2620

Quick emulator QEMU before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

CVSS 9.9 | AI score 7.7 | EPSS 0.0241
Exploits 0 | References 1

OSV
added 2018/07/03 1:29 a.m. | 1 views

DEBIAN-CVE-2017-2615

Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...

CVSS 9.1 | AI score 9.2 | EPSS 0.0101
Exploits 0 | References 1

RedHat Linux
added 2018/05/22 1:45 a.m. | 2 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process...

CVSS 8.8 | AI score 7.7 | EPSS 0.00084
Exploits 0 | References 4

RedHat Linux
added 2018/05/22 1:41 a.m. | 1 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process...

CVSS 8.8 | AI score 7.7 | EPSS 0.00084
Exploits 0 | References 4

RedHat Linux
added 2018/05/22 1:41 a.m. | 3 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process...

CVSS 8.8 | AI score 7.7 | EPSS 0.00084
Exploits 0 | References 4

RedHat Linux
added 2018/05/10 4:5 p.m. | 2 views

QEMU: i386: multiboot OOB access while loading kernel image

Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mh_load_end_addr address is greater than the mh_bss_end_addr address. A user or process...

CVSS 8.8 | AI score 7.7 | EPSS 0.00084
Exploits 0 | References 4

OSV
added 2018/03/01 12:0 a.m. | 0 views

UBUNTU-CVE-2018-7550

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access...

CVSS 8.8 | AI score 7.2 | EPSS 0.00084
Exploits 0 | References 4