SUSE CVE-2017-14167

Integer overflow in the loadmultiboot function in hw/i386/multiboot.c in QEMU aka Quick Emulator allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write...

SUSE CVE-2018-7550

The loadmultiboot function in hw/i386/multiboot.c in Quick Emulator aka QEMU allows local guest OS users to execute arbitrary code on the QEMU host via a mhloadendaddr value greater than mhbssendaddr, which triggers an out-of-bounds read or write memory access...

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values which trigger an out-of-bounds write.

...

DEBIAN-CVE-2018-7550

The loadmultiboot function in hw/i386/multiboot.c in Quick Emulator aka QEMU allows local guest OS users to execute arbitrary code on the QEMU host via a mhloadendaddr value greater than mhbssendaddr, which triggers an out-of-bounds read or write memory access...

The vulnerability of the load_multiboot function (hw/i386/multiboot.c) in the QEMU hardware emulation driver allows a hacker to execute arbitrary code.

The vulnerability of the loadmultiboot function hw/i386/multiboot.c in the QEMU hardware emulation driver is caused by a numerical overflow. Exploiting this vulnerability allows a attacker operating on the local guest operating system to execute arbitrary code on the host operating system using a...