204 matches found
Remote Code Execution (RCE)
QEMU is vulnerable to remote code execution. An integer overflow in the virtio_net_load function in hw/net/virtio-net.c allows a remote attacker to execute arbitrary code via a malicious savevm image...
RedHat Update for qemu-kvm RHSA-2015:0349-01
The remote host is missing an update for the...
Important: Red Hat Security Advisory: qemu-kvm-rhev security, bug fix, and enhancement update
Updated qemu-kvm-rhev packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring Syste...
qemu: insufficient parameter validation during ram load
It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data either on the disk or over the wire during migration could use either of these flaws to corrupt QEMU process memory on the destination host, which could...
CVE-2014-7840
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data...
Design/Logic Flaw
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data...
CVE-2014-7840
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data...
USN-2439-1 qemu, qemu-kvm vulnerabilities
Michael S. Tsirkin discovered that QEMU incorrectly handled certain parameters during ram load while performing a migration. An attacker able to manipulate savevm data could use this issue to possibly execute arbitrary code on the host. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS,...
PT-2014-8307 · Qemu +5
Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary code via a crafted offset or length value in savevm data, specifically in the host_from_stream_offset function in arch_init.c when loadin...
DEBIAN-CVE-2013-4542
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access...
CVE-2013-4542
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access...
CVE-2013-6399
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image...
CVE-2014-0182
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image...
CVE-2014-0182
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image...
CVE-2014-3461
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."...
DEBIAN-CVE-2013-6399
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image...
CVE-2013-4542
The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access...
DEBIAN-CVE-2014-0182
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image...
DEBIAN-CVE-2014-3461
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."...
CVE-2013-4151
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write...