11 matches found
EUVD-2021-26737
Malware in sbrugna...
SUSE CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...
AZL-35163 CVE-2022-3872 affecting package qemu for versions less than 6.2.0-18
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhcireaddataport and sdhciwritedataport, respectively, if datacount == blocksize. A malicious guest could use this flaw to crash the QEMU process on the host,...
GLSA-202208-27 : QEMU: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-27 QEMU: Multiple Vulnerabilities - QEMU 4.2.0 has a use-after-free in hw/net/e1000ecore.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. CVE-2020-15859 -...
Oracle Linux 8 : kvm_utils (ELSA-2021-9568)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9568 advisory. - In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. CVE-2020-15469 - A flaw was foun...
Out-of-bounds
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resultin...
CVE-2021-3409
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resultin...
CVE-2021-3409
CVE-2021-3409 affects QEMU up to 5.2.0 and stems from an ineffective patch for CVE-2020-17380/CVE-2020-25085, leading to a heap/buffer overflow in the SDHCI controller emulation. Astra Linux reports these issues as a heap-based overflow triggered by a mis-handled write in the SDHC_BLKSIZE path of...
CVE-2021-3409
The patch for CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the SDHCI controller emulation code of QEMU, was found to be incomplete. A malicious privileged guest could reproduce the same issues with specially crafted input, inducing a bogus transfer and subsequent...
CVE-2020-25085
A flaw was found in QEMU. An out-of-bounds read/write access issue was found in the SDHCI Controller emulator of QEMU. It may occur while doing multi block SDMA, if transfer block size exceeds the 's-fifobuffers-bufmaxsz' size which would leave the current element pointer 's-datacount' pointing o...
DEBIAN-CVE-2017-5987
The sdhcisdmatransfermultiblocks function in hw/sd/sdhci.c in QEMU aka Quick Emulator allows local OS guest privileged users to cause a denial of service infinite loop and QEMU process crash via vectors involving the transfer mode register during multi block transfer...