8 matches found
MiracleLinux 8 : virt:rhel and virt-devel:rhel (AXSA:2022-3705:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3705:01 advisory. QEMU: virtio-net: heap use-after-free in virtionetreceivercu CVE-2021-3748 ntfs-3g: Out-of-bounds heap buffer access in ntfsgetattributevalue due to...
Linux Distros Unpatched Vulnerability : CVE-2024-6505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirectionstable data within RSS becomes...
SUSE CVE-2015-7295
hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...
SUSE CVE-2022-26353
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...
QEMU: virtio-net: map leaking on error during receive
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage, use-after-free or other unexpected results. A malicious privileged guest could exploit...
Oracle Linux 7 : olcne (ELSA-2022-9491)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9491 advisory. 1.5.3-1 - Address qemu CVE-2022-26353, CVE-2021-3748 Tenable has extracted the preceding description block directly from the Oracle Linux security...
DEBIAN-CVE-2022-26353
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0...
UBUNTU-CVE-2013-4150
The virtionetload function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of currqueues is greater than maxqueues, which triggers an out-of-bounds write...