Astra Linux - уязвимость в qemu

A issue was discovered in QEMU versions 7.1.0 through 8.2.1. In hw/pci/pciesriov.c, the registervfs function does not set NumVFs to PCISRIOVTOTALVF, resulting in improper interaction with hw/nvme/ctrl.c...

CVE-2025-39778

Technical details about CVE-2025-39778 (affected product, impact, and fix specifics) are not provided in the connected documents. Monitor for official disclosures and vendor advisories for updates and patch information.

Linux Distros Unpatched Vulnerability : CVE-2022-48790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER...

CVE-2024-53169 nvme-fabrics: fix kernel crash while shutting down controller

In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: fix kernel crash while shutting down controller The nvme keep-alive operation, which executes at a periodic interval, could potentially sneak in while shutting down a fabric controller. This may lead to a race betwe...

CVE-2024-53169

In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: fix kernel crash while shutting down controller The nvme keep-alive operation, which executes at a periodic interval, could potentially sneak in while shutting down a fabric controller. This may lead to a race betwe...

SUSE CVE-2022-48790

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...

CVE-2022-48790 nvme: fix a possible use-after-free in controller reset during load

In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queuerq, in .submitasyncevent drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condition that was observed...

DEBIAN-CVE-2024-26328

An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c does not set NumVFs to PCISRIOVTOTALVF, and thus interaction with hw/nvme/ctrl.c is mishandled...

CVE-2024-26328

An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c does not set NumVFs to PCISRIOVTOTALVF, and thus interaction with hw/nvme/ctrl.c is mishandled...

QEMU Security Vulnerabilities

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU versions 7.1.0 through 8.2.1, which stems from a mishandled interaction with hw/nvme/ctrl.c because...

CVE-2024-26328

An issue was discovered in QEMU 7.1.0 through 8.2.1. registervfs in hw/pci/pciesriov.c does not set NumVFs to PCISRIOVTOTALVF, and thus interaction with hw/nvme/ctrl.c is mishandled...

SUSE CVE-2023-40360

QEMU through 8.0.4 accesses a NULL pointer in nvmedirectivereceive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled...

Design/Logic Flaw

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

USN-5489-1: QEMU vulnerabilities

Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. CVE-2021-3507 It was discovered that QEMU incorrectly...