31 matches found
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in do_token_out routines. This flaw allows a guest user to crash the QEMU process resulting in a denial of service or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
...
ALPINE-CVE-2020-14364
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash...
UBUNTU-CVE-2020-14364
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash...
DEBIAN-CVE-2013-4541
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
qemu: usb: insufficient sanity checking of setup_index+setup_len in post_load
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...
UBUNTU-CVE-2013-4541
The usbdevicepostload function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setuplen or setupindex value...