MiracleLinux 9 : qemu-kvm-7.0.0-13.el9 (AXSA:2023-4972:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4972:01 advisory. QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free CVE-2021-3750 QEMU: fdc: heap buffer overflow in DMA read data transfers CVE-2021-3507...

PT-2022-23530 · Xhyve · Xhyve

Name of the Vulnerable Software and Affected Versions: xhyve version dfbe09b Description: The issue is related to a NULL pointer dereference via the vi pci write component. This allows attackers to cause a Denial of Service via unspecified vectors. Recommendations: For xhyve version dfbe09b,...

OSV-2022-586 Heap-use-after-free in op_pci_write

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49107 Crash type: Heap-use-after-free READ 4 Crash state: oppciwrite genericfuzz fuzz.c...

QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition...