ROS-20240401-01

Vulnerability of idedmacb function of QEMU hardware emulator is related to synchronization errors when processing the DRQSTAT parameter. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete data or cause a denial of service Vulnerability in the...

QEMU 'ide_dma_cb()' function denial of service vulnerability

QEMU Quick Emulator is a set of simulation processor software by French software developer Fabrice Bellard. The software is fast, cross-platform and other characteristics. A security vulnerability exists in the 'idedmacb' function in the hw/ide/core.c file in QEMU versions 2.4.0 through 4.2.0. An...

Design/Logic Flaw

DISPUTED An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512...

CVE-2019-20175

CVE-2019-20175 affects QEMU 2.4.0–4.2.0 in ide_dma_cb() (hw/ide/core.c). A guest can crash the QEMU host process by issuing a privileged SCSI_IOCTL_SEND_COMMAND, triggering an assertion that the size of successful DMA transfers must be a multiple of 512 (sector size). The issue is cited in multip...