71 matches found
CentOS 7 : qemu-kvm (CESA-2018:2462)
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: qemu-kvm security and bug fix update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
QEMU: i386: multiboot OOB access while loading kernel image
Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...
Debian DSA-4213-1 : qemu - security update (Spectre)
Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. - CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. -...
QEMU: i386: multiboot OOB access while loading kernel image
Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...
QEMU: i386: multiboot OOB access while loading kernel image
Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...
QEMU: i386: multiboot OOB access while loading kernel image
Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...
QEMU: i386: multiboot OOB access while loading kernel image
Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU vulnerabilities (USN-3649-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3649-1 advisory. Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this...
USN-3649-1: QEMU vulnerabilities
Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2017-16845 Cyrille...
USN-3649-1 qemu vulnerabilities
Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2017-16845 Cyrille...
QEMU: i386: multiboot OOB access while loading kernel image
Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur while loading a kernel image during the guest boot, if mhloadendaddr address is greater than the mhbssendaddr address. A user or process...
openSUSE Security Update : qemu (openSUSE-2018-291) (Spectre)
This update for qemu fixes the following issues : This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. CVE-2017-5715 bsc1068032 The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by...
SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2018:0762-1) (Spectre)
This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. CVE-2017-5715 bsc1068032 The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by...
Ubuntu 14.04 LTS / 16.04 LTS : QEMU regression (USN-3575-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3575-2 advisory. USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix...
DEBIAN-CVE-2018-7550
The loadmultiboot function in hw/i386/multiboot.c in Quick Emulator aka QEMU allows local guest OS users to execute arbitrary code on the QEMU host via a mhloadendaddr value greater than mhbssendaddr, which triggers an out-of-bounds read or write memory access...
UBUNTU-CVE-2018-7550
The loadmultiboot function in hw/i386/multiboot.c in Quick Emulator aka QEMU allows local guest OS users to execute arbitrary code on the QEMU host via a mhloadendaddr value greater than mhbssendaddr, which triggers an out-of-bounds read or write memory access...
PT-2018-1904 · Qemu +5 · Qemu +5
Name of the Vulnerable Software and Affected Versions: Qemu affected versions not specified Description: The issue is related to the load multiboot function in Qemu, which can lead to an out-of-bounds read or write memory access when using multiboot. This can allow an attacker to execute arbitrar...
USN-3575-1 qemu vulnerabilities
It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-11334 David Buchanan discovered that QEMU...
EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2017-1321)
According to the versions of the qemu-kvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Quick Emulator QEMU, compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The...