26 matches found
SUSE CVE-2024-6519
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape...
QEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of th...
SUSE SLES12: qemu / qemu-arm / qemu-audio-alsa / qemu-audio-oss / qemu-audio-pa / etc (SUSE-SU-2024:1395-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1395-1 advisory. - CVE-2021-3750: Fixed DMA reentrancy issue that could lead to use-after-free bsc1190011 - CVE-2022-0216: Fixed use-after-free in...
EulerOS Virtualization 2.11.1 : qemu (EulerOS-SA-2023-2082)
According to the versions of the qemu package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Bloc...
SUSE SLES15: qemu / qemu-SLOF / qemu-arm / qemu-audio-alsa / qemu-audio-pa / etc (SUSE-SU-2023:0840-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0840-1 advisory. - CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxlphys2virt bsc1205808. - CVE-2021-3507: Fixed...
EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2023-1212)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Blo...
EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2023-1242)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Blo...
EulerOS Virtualization 2.10.0 : qemu (EulerOS-SA-2022-2925)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Blo...
EulerOS Virtualization 2.10.1 : qemu (EulerOS-SA-2022-2951)
According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Blo...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : QEMU vulnerabilities (USN-5772-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5772-1 advisory. It was discovered that QEMU incorrectly handled bulk transfers from SPICE clients. A remote attacker could use this...
Oracle Linux 7 : qemu (ELSA-2022-9978)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9978 advisory. - scsi/lsi53c895a: really fix use-after-free in lsidomsgout CVE-2022-0216 Mauro Matteo Cascella Orabug: 34353672 CVE-2022-0216 - scsi/lsi53c895a: fix...
SUSE SLED15: qemu / qemu-SLOF / qemu-accel-qtest / qemu-accel-tcg-x86 / qemu-arm / etc (SUSE-SU-2022:3795-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3795-1 advisory. - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. bsc1198038 -...
SUSE: Security Advisory (SUSE-SU-2019:13921-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:3927-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
QEMU Null Pointer Dereference Vulnerability (CNVD-2021-41094)
QEMU Quick Emulator is a set of simulation processor software by French software developer Fabrice Bellard. The software is fast, cross-platform and other characteristics. A null pointer dereference vulnerability exists in am53c974 SCSI host bus adapter emulation in versions of QEMU prior to 6.0....
CVE-2020-35505
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of...
CVE-2020-35505
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of...
SUSE: Security Advisory (SUSE-SU-2018:3912-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-25742
A NULL pointer dereference flaw was found in the LSI53C895A SCSI Host Bus Adapter emulator of QEMU. This flaw occurs while processing 'Memory Move' instructions to move data between DMA memory and I/O address space via lsimemcpy. This flaw allows a guest user or process to crash the QEMU process,...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0003-1)
This update for xen fixes the following issues : Update to Xen 4.11.1 bug fix release bsc1027519 CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the...