CVE-2024-43829 drm/qxl: Add check for drm_cvt_mode

In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drmcvtmode Add check for the return value of drmcvtmode and return the error if it fails in order to avoid NULL pointer dereference...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1086)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Improper access control in the IntelR Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to...

USN-6549-2: Linux kernel (GKE) vulnerabilities

It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service system crash. CVE-2023-37453 Lin Ma...

Ubuntu 22.04 LTS / 23.04 : Linux kernel vulnerabilities (USN-6534-1)

The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6534-1 advisory. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations,...

CVE-2023-39198 Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()

A race condition was found in the QXL driver in the Linux kernel. The qxlmodedumbcreate function dereferences the qobj returned by the qxlgemobjectcreatewithhandle, but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigge...

CVE-2023-1601

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2023-1944)

According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register i...

Oracle Linux 8 : virt:kvm_utils2 (ELSA-2023-12195)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12195 advisory. - hw/pvrdma: Protect against buggy or malicious guest driver Yuval Shaia Orabug: 35064352 CVE-2022-1050 - hw/display/qxl: Avoid buffer overrun in...

SUSE CVE-2021-4206

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on th...

CVE-2022-4144

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...

CVE-2022-4144

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...

CVE-2022-4144

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...

CVE-2022-4144

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...

CVE-2022-4144

CVE-2022-4144 relates to the QEMU QXL display device emulation. The vulnerability is an out-of-bounds read in qxl_phys2virt(), which does not validate the size of the guest-allocated structure, potentially reading past the BAR space and crashing the host QEMU process, causing a denial-of-service....

CVE-2022-4144

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest's physical address, potentially reading past the end of the bar space into adjacent pages. This could allow a malicious gues...

CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:5821)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:5821 advisory. - QEMU: QXL: integer overflow in cursoralloc can lead to heap buffer overflow CVE-2021-4206 - QEMU: QXL: double fetch in qxlcursor can lead to heap...

QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on th...

QEMU: QXL: double fetch in qxl_cursor() can lead to heap buffer overflow

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values cursor-header.width and cursor-header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...

CVE-2021-4206

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on th...

CVE-2021-4206

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursoralloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on th...