ROS-20240401-01

Vulnerability of idedmacb function of QEMU hardware emulator is related to synchronization errors when processing the DRQSTAT parameter. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete data or cause a denial of service Vulnerability in the...

The vulnerability of the ide_dma_cb() function in QEMU’s hardware emulation software lies in its insufficient checking of unusual or exceptional states. This allows a malicious actor to trigger a service failure.

The vulnerability of the idedmacb function in the hardware emulation for various QEMU platforms is related to a bug in the host system, triggered through the special SCSIIOCTLSENDCOMMAND. This bug requires that the size of successfully transferred DMA operations be a multiple of 512 equal to the...

QEMU 'ide_dma_cb()' function denial of service vulnerability

QEMU Quick Emulator is a set of simulation processor software by French software developer Fabrice Bellard. The software is fast, cross-platform and other characteristics. A security vulnerability exists in the 'idedmacb' function in the hw/ide/core.c file in QEMU versions 2.4.0 through 4.2.0. An...

Design/Logic Flaw

DISPUTED An issue was discovered in idedmacb in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSIIOCTLSENDCOMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512...

CVE-2019-20175

CVE-2019-20175 affects QEMU 2.4.0–4.2.0 in ide_dma_cb() (hw/ide/core.c). A guest can crash the QEMU host process by issuing a privileged SCSI_IOCTL_SEND_COMMAND, triggering an assertion that the size of successful DMA transfers must be a multiple of 512 (sector size). The issue is cited in multip...