12 matches found
Azure Linux 3.0 Security Update: qemu (CVE-2023-3301)
The version of qemu installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3301 advisory. - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend i...
ROS-20240606-01
A vulnerability in QEMU's USB EHCI controller emulation is related to the lack of checks if the buffer pointer overlaps with the MMIO register when transmitting USB packets. the buffer pointer overlaps with the MMIO region when transmitting USB packets. Exploitation of the vulnerability could all...
EulerOS Virtualization 2.11.0 : qemu (EulerOS-SA-2023-3389)
According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the...
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2023-6980)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6980 advisory. - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz2101280 - Fixes: CVE-2022-40284 - Fixes: CVE-2021-46790, CVE-2022-30783,...
Oracle Linux 7 : qemu (ELSA-2023-12834)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12834 advisory. - virtio-crypto: verify src&dst buffer length for sym request Zhenwei Pi Orabug: 35724113 CVE-2023-3180 - hw/scsi/lsi53c895a: Fix reentrancy issues in...
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
Sql injection
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
CVE-2023-3301
CVE-2023-3301 describes a race condition in QEMU’s hot-unplug of virtio-net NICs where the net device backend can be cleared before the PCI frontend is unplugged, enabling a malicious guest to trigger an assertion and cause a denial of service. Public documents confirm a vulnerability in QEMU wit...
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...
CVE-2023-3301
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service...