9 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory...
Amazon Linux AMI : qemu-kvm (ALAS-2021-1488)
The version of qemu-kvm installed on the remote host is prior to 1.5.3-156.26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1488 advisory. An out-of-bound write access flaw was found in the way QEMU loads ROM contents at boot time. This flaw occurs in the...
Oracle Linux 7 : qemu-kvm (ELSA-2021-0347)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0347 advisory. - Resolves: bz1842923 CVE-2020-13765 qemu-kvm: QEMU: loader: OOB access while loading registered ROM may lead to code execution rhel-7.9.z Tenable has...
CVE-2020-13765
romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...
CVE-2014-0049
Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...
DEBIAN-CVE-2014-0049
Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...
CVE-2014-0049
Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...
CVE-2014-0049
Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...
CVE-2014-0049
Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...