Lucene search

20 matches found

RedHat Linux
added 2024/08/27 7:40 a.m., 2 views

kernel: Reserved fields in guest message responses may not be zero initialized

A flaw was found in some AMD CPUs where the guest message responses have not been zero-initialized. This issue may allow a local attacker with the ability to run arbitrary code on a container or virtual machine to discover sensitive information contained in the host system's memory...

CVSS 6, AI score 6.7, EPSS 0.00309
Exploits 0, References 5
Tenable Nessus
added 2023/09/07 12:0 a.m., 23 views

Oracle Linux 7 : qemu (ELSA-2021-9638)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9638 advisory. - ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packe...

CVSS 8.5, AI score 7.2, EPSS 0.02904
Exploits 1, References 11
Prion
added 2023/02/20 5:15 p.m., 13 views

Design/Logic Flaw

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed ...

CVSS 1.7, AI score 6.1, EPSS 0.00369
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2023/02/20 12:0 a.m., 6 views

CVE-2021-32847 Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed ...

CVSS 7.1, AI score 6.8, EPSS 0.00369
Exploits 1, References 3
CVE
added 2023/02/20 12:0 a.m., 43 views

CVE-2021-32847

HyperKit versions 0.20210107 and earlier are affected by a vulnerability in the disk driver that can cause host memory disclosure to a malicious guest. The issue is described as a memory-related flaw (uninitialized memory use) in the PCI virtio block path (pci_vtsock_proc_tx) and is associated wi...

CVSS 7.1, AI score 6.3, EPSS 0.00369
Exploits 1, References 3, Affected Software 1
SUSE CVE
added 2023/02/15 5:1 a.m., 4 views

SUSE CVE-2016-5105

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command...

CVSS 4.4, AI score 7.2, EPSS 0.00413
Exploits 0, References 13
Tenable Nessus
added 2022/08/31 12:0 a.m., 33 views

SUSE SLES15 Security Update : libslirp (SUSE-SU-2022:2941-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2941-1 advisory. - An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input functio...

CVSS 3.8, AI score 6.3, EPSS 0.00326
Exploits 0, References 5
OSV
added 2022/08/26 6:15 p.m., 5 views

AZL-35347 CVE-2022-0175 affecting package virglrenderer for versions less than 0.9.1-3

A flaw was found in the VirGL virtual OpenGL renderer virglrenderer. The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading t...

CVSS 5.5, AI score 5.7, EPSS 0.00311
Exploits 0, References 1
OpenVAS
added 2022/05/05 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-1622)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.8, AI score 5.1, EPSS 0.00326
Exploits 0, References 2
Tenable Nessus
added 2022/03/12 12:0 a.m., 36 views

AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2021:4191)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4191 advisory. QEMU: net: e1000e: use-after-free while sending packets CVE-2020-15859 QEMU: slirp: invalid pointer initialization may lead to information disclosure boot...

CVSS 6.5, AI score 6.6, EPSS 0.01334
Exploits 2, References 8
Tenable Nessus
added 2022/01/07 12:0 a.m., 41 views

Ubuntu 21.10 : libslirp vulnerabilities (USN-5009-2)

The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5009-2 advisory. USN-5009-1 fixed vulnerabilities in libslirp. This update provides the corresponding updates for Ubuntu 21.10. Tenable has extracted the preceding descriptio...

CVSS 3.8, AI score 6.5, EPSS 0.00326
Exploits 0, References 5
Veracode
added 2021/06/16 12:2 a.m., 33 views

Information Disclosure

libslirp is vulnerable to information disclosure. The flaw exists in the udp6_input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest...

CVSS 3.8, AI score 0.8, EPSS 0.00326
Exploits 0, References 10, Affected Software 3
UbuntuCve
added 2021/06/15 9:15 p.m., 20 views

CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...

CVSS 3.8, AI score 6.7, EPSS 0.00326
Exploits 0, References 4
ATTACKERKB
added 2021/06/15 9:15 p.m., 4 views

CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or...

CVSS 3.8, AI score 5.5, EPSS 0.00326
Exploits 0, References 10
RedhatCVE
added 2021/06/15 1:47 p.m., 46 views

CVE-2021-3595

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or...

CVSS 3.8, AI score 1.5, EPSS 0.00326
Exploits 0, References 3
RedhatCVE
added 2021/06/15 1:47 p.m., 54 views

CVE-2021-3593

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or...

CVSS 3.8, AI score 1.5, EPSS 0.00326
Exploits 0, References 3
OSV
added 2016/06/01 12:0 a.m., 3 views

UBUNTU-CVE-2016-4454

The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read...

CVSS 6, AI score 6.8, EPSS 0.00426
Exploits 0, References 4
CNVD
added 2016/05/27 12:0 a.m., 1 views

QEMU scsi information disclosure vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. An information disclosure vulnerability exists in QEMU's scsi. When the program is supported using the MegaRAID SAS 8708EM2 Host Bus Adapter emulator, an attacker can...

CVSS 4.4, AI score 7.9, EPSS 0.00413
Exploits 0, References 1
CNVD
added 2016/01/07 12:0 a.m., 2 views

QEMU 'net/vmxnet3.c' Denial of Service Vulnerability

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU. An attacker can exploit this vulnerability to disclose host memory and crash the host, denying service to legitimate...

CVSS 6.5, AI score 7.8, EPSS 0.00459
Exploits 0, References 1
CNVD
added 2016/01/07 12:0 a.m., 2 views

QEMU 'net/vmxnet3.c' denial of service vulnerability (CNVD-2016-00106)

QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU. An attacker can exploit this vulnerability to disclose host memory and crash the host, denying service to legitimate...

CVSS 7.7, AI score 7.8, EPSS 0.05557
Exploits 1, References 1