SUSE CVE-2021-3527

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

GSD-2022-1001079 net/mlx5e: TC, Hold sample_attr on stack instead of pointer

net/mlx5e: TC, Hold sampleattr on stack instead of pointer This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...

SUSE: Security Advisory (SUSE-SU-2021:3635-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:3635-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - Fix heap use-after-free in virtionetreceivercu bsc1189938, CVE-2021-3748 - Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702, CVE-2021-3713 - usbredir: free call on invalid pointer in bufpalloc...

SUSE: Security Advisory (SUSE-SU-2021:3613-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:3614-1 Security update for qemu

This update for qemu fixes the following issues: Security issues fixed: - Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702, CVE-2021-3713 - Fix heap use-after-free in virtionetreceivercu bsc1189938, CVE-2021-3748 - usbredir: free call on invalid pointer in bufpalloc...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:3614-1 Rating: important References: 1180432 1180433 1180434 1180435 1182651 1186012 1189145 1189702 1189938 Cross-References: CVE-2020-35503 CVE-2020-35504 CVE-2020-35505 CVE-2020-35506 CVE-2021-20255...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2021:1202-1 Rating: important References: 1180432 1180433 1180434 1180435 1182651 1186012 1187364 1187365 1187366 1187367 1187499 1187529 1187538 1187539 1189145 Cross-References: CVE-2020-35503 CVE-2020-35504...

qemu security update

15:4.2.1-11.el7 - pvrdma: Fix the ring init error flow CVE-2021-3608 Marcel Apfelbaum Orabug: 33120142 CVE-2021-3608 - pvrdma: Ensure correct input on ring init CVE-2021-3607 Marcel Apfelbaum Orabug: 33120146 CVE-2021-3607 - hw/rdma: Fix possible mremap overflow in the pvrdma device CVE-2021-3582...

RHEL 8 : systemd (RHSA-2021:2724)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2724 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash

A flaw was found in systemd. The use of alloca function with an uncontrolled size in function unitnamepathescape allows a local attacker, able to mount a filesystem on a very long path, to crash systemd and the whole system by allocating a very large space in the stack. The highest threat from th...

Important: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single large transfer request to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack resulting in a denial of service.

...

DEBIAN-CVE-2021-3527

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

CVE-2021-3527

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

UBUNTU-CVE-2021-3527

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

Design/Logic Flaw

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

CVE-2021-3527

A flaw was found in the USB redirector device usb-redir of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array VLA on the stack...

FreeBSD -- posix_spawnp(3) buffer overflow

Problem Description: posixspawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH...

Oracle Linux 6 : kernel (ELSA-2020-1524)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1524 advisory. - wireless rtlwifi: Fix potential overflow on P2P code Jarod Wilson 1775226 CVE-2019-17666 Tenable has extracted the preceding description block direct...