35 matches found
MiracleLinux 7 : qemu-kvm-1.5.3-175.el7.1 (AXSA:2020-748:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-748:04 advisory. QEMU: usb: out-of-bounds r/w access issue while processing usb packets CVE-2020-14364 QEMU: slirp: use-after-free in ipreass function in ipinput.c...
MiracleLinux 8 : virt:rhel (AXSA:2020-911:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-911:01 advisory. QEMU: usb: out-of-bounds r/w access issue while processing usb packets CVE-2020-14364 QEMU: slirp: networking out-of-bounds read information disclosu...
EUVD-2020-18377
Malware in sbrugna...
EUVD-2016-10698
Malware in sbrugna...
EUVD-2017-18310
Malware in sbrugna...
EUVD-2016-3614
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-3750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it...
Linux Distros Unpatched Vulnerability : CVE-2016-2392
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The isrndis function in the USB Net device emulator hw/usb/dev-network.c in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects,...
QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
...
SUSE CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk...
CVE-2020-14394
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...
CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk...
DEBIAN-CVE-2021-3682
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free with faked heap chunk...
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single large transfer request to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack resulting in a denial of service.
...
Design/Logic Flaw
A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host resulting in a denial of service.
...
CVE-2020-25723
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on t...
QEMU: usb: out-of-bounds r/w access issue while processing usb packets
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...
QEMU: usb: out-of-bounds r/w access issue while processing usb packets
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...