Astra Linux - уязвимость в qemu

An information disclosure vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw resides in the virglcmdgetcapsetinfo function in contrib/vhost-user-gpu/virgl.c, and can occur due to the reading of uninitialized memory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002171)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002171 advisory. The ioapicreadindirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPICREGSELECT and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002192)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002192 advisory. The ioapicreadindirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPICREGSELECT and...

Linux Distros Unpatched Vulnerability : CVE-2025-21981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ice: fix memory leak in aRFS after reset Fix aRFS accelerated Receive Flow Steering structur...

SUSE CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 byte...

DEBIAN-CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 byte...

UBUNTU-CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 byte...

DEBIAN-CVE-2021-3545

An information disclosure vulnerability was found in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. The flaw exists in virglcmdgetcapsetinfo in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest...

PT-2021-7719

Name of the Vulnerable Software and Affected Versions QEMU versions up to 6.0.0 Description A heap buffer overflow was found in the floppy disk emulator of QEMU. It could occur in fdctrl transfer handler in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest...

Security update for qemu (important)

This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value bsc1042159. - CVE-2017-8379: Memory leak in the keyboard input...

USN-3268-1: QEMU vulnerabilities

Zhenhao Hong discovered that QEMU incorrectly handled the Virtio GPU device. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2016-10028 It was discovered that QEMU incorrectly handled the JAZZ RC4030 device. A privileged attacker...

openSUSE Security Update : virglrenderer (openSUSE-2017-415)

This update for virglrenderer fixes the following issues : Security issues fixed : - CVE-2017-6386: memory leakage while in vrendcreatevertexelementsstate bsc1027376 - CVE-2017-6355: integer overflow while creating shader object bsc1027108 - CVE-2017-6317: fix memory leak in add shader program...

DEBIAN-CVE-2016-9932

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix...

DEBIAN-CVE-2015-8701

QEMU aka Quick Emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit tx descriptors in 'txconsume' routine, if a descriptor was to have more than allowed ROCKERTXFRAGSMAX=16 fragments. A privileged user inside guest coul...

DEBIAN-CVE-2016-9846

QEMU aka Quick Emulator built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in updatecursordatavirgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host...

PT-2016-3004 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: The issue is related to an uncontrolled resource consumption in the Virtio GPU emulator hardware of QEMU. It may allow a local attacker to compromise the confidentiality, integrity, and...

CVE-2016-4454

The vmsvgafiforeadraw function in hw/display/vmwarevga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service QEMU process crash by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read...