USN-8161-1 qemu vulnerabilities

It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-6519 It was discovered...

EUVD-2022-15418

Malicious code in bioql PyPI...

CVE-2024-6519

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

CVE-2024-6519

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

UBUNTU-CVE-2024-6519

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

CVE-2024-6519

CVE-2024-6519 affects QEMU’s LSI53C895A SCSI Host Bus Adapter emulation. The vulnerability is a use-after-free in the emulation code, leading to a crash or VM escape. CVSS metrics indicate a local, low-complexity exploit with high impact ( Confidentiality/Integrity/Availability: HIGH; Privileges ...

CVE-2024-6519 Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

CVE-2024-6519 Qemu: scsi: lsi53c895a: use-after-free local privilege escalation vulnerability

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

SUSE CVE-2024-6519

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

CVE-2024-6519

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...

Oracle Linux 8 : virt:kvm_utils1 (ELSA-2024-12435)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12435 advisory. - Document CVEs as fixed Karl Heubaum CVE-2023-2700 - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364474...

Oracle Linux 9 : qemu-kvm (ELSA-2024-12407)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12407 advisory. - ui/clipboard: add asserts for update and request Fiona Ebner Orabug: 36323175 CVE-2023-6683 - ui/clipboard: mark type as not available when there is...

OESA-2024-1494 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...

Oracle Linux 7 : qemu (ELSA-2023-12834)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12834 advisory. - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in...

qemu security update

15:4.2.1-28.el7 - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller CVE-2023-0330 Thomas Huth Orabug: 35724112 CVE-2023-0330 - kvm: Atomic memslot updates David Hildenbrand Orabug...

Amazon Linux 2 : qemu (ALAS-2023-2191)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2191 advisory. There is a vulnerability in the lsi53c895a device which affects the latest version of qemu. The carefully designed PoC can repeatedly...

Medium: qemu

Issue Overview: There is a vulnerability in the lsi53c895a device which affects the latest version of qemu. The carefully designed PoC can repeatedly trigger DMA writes but does not limit the addresses written to the DMA, resulting in reentrancy issues and eventually overflow. CVE-2023-0330...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2023:3082-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3082-1 advisory. - A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO...

Medium: qemu

Issue Overview: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles o...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : QEMU vulnerabilities (USN-6167-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6167-1 advisory. It was discovered that QEMU did not properly manage the guest drivers when shared buffers are not allocated. ...