6 matches found
RockyLinux 8 : virt:rhel and virt-devel:rhel (RLSA-2026:5578)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:5578 advisory. qemu-kvm: VNC WebSocket handshake use-after-free CVE-2025-11234 Tenable has extracted the preceding description block directly from the RockyLinux security...
qemu-kvm: VNC WebSocket handshake use-after-free
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...
MiracleLinux 7 : qemu-kvm-1.5.3-141.el7.6 (AXSA:2018-2500:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2500:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used...
Arbitrary Code Execution
qemu-kvm is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user could use this flaw to crash the guest or, possibly, execute arbitrary code on...
Oracle Linux 7 : qemu-kvm (ELSA-2014-0704)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0704 advisory. 1.5.3-60.el70.2 - kvm-pc-add-hotaddcpu-callback-to-all-machine-types.patch bz1094820 - Resolves: bz1094820 Hot plug CPU not working with RHEL6 machine types...
RHEL 6 : qemu-kvm (RHSA-2011:1531)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1531 advisory. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for...