29 matches found
EUVD-2020-18377
Malware in sbrugna...
CVE-2024-31145 error handling in x86 IOMMU identity mapping
Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region Reporting, "RMRR" for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions ...
CVE-2024-31145
CVE-2024-31145 is confirmed in connected advisories as a Xen/Xen-related vulnerability affecting the x86 IOMMU identity mapping for PCI devices using Reserved Memory Regions (RMRR) or similar mappings. The flaw allows a guest VM to retain access to memory regions that should be removed, enabling ...
error handling in x86 IOMMU identity mapping
ISSUE DESCRIPTION Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region Reporting, "RMRR" for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose...
K04755144: Multiple QEMU vulnerabilities
Security Advisory Description CVE-2015-8613 Stack-based buffer overflow in the megasasctrlgetinfo function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service QEMU instance crash via a crafted SCSI controller CTRLGETINFO command...
SUSE CVE-2016-9911
Quick Emulator Qemu built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehciinittransfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...
UBUNTU-CVE-2022-26360
IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...
UBUNTU-CVE-2022-26361
IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...
OPENSUSE-SU-2021:1461-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702 - CVE-2021-3748: Fix heap use-after-free in virtionetreceivercu bsc1189938 Non-security issues fixed: - Add transfer length item in...
SUSE-SU-2021:3614-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - Fix out-of-bounds write in UAS USB Attached SCSI device emulation bsc1189702, CVE-2021-3713 - Fix heap use-after-free in virtionetreceivercu bsc1189938, CVE-2021-3748 - usbredir: free call on invalid pointer in bufpalloc...
QEMU code issue vulnerability (CNVD-2021-39676)
QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A code issue vulnerability exists in QEMU, which stems from a found a division by zero issue in the dwc2handlepacket handler package in the...
SUSE-SU-2021:1245-1 Security update for qemu
This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation CVE-2020-12829, bsc1172385 - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation CVE-2020-13362 bsc1172383 - Fix use-after-free in usb xhci packet handling CVE-2020-25723, bsc1178934 - Fix...
QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c
A reachable assertion vulnerability was found in the USB EHCI emulation code of QEMU. This issue occurs while processing USB requests due to missed handling of DMA memory map failure. This flaw allows a malicious privileged user within the guest to send bogus USB requests and crash the QEMU proce...
USN-4650-1 qemu vulnerabilities
Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvir...
QEMU: usb: out-of-bounds r/w access issue while processing usb packets
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...
QEMU: usb: out-of-bounds r/w access issue while processing usb packets
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...
QEMU: usb: out-of-bounds r/w access issue while processing usb packets
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...
Debian DSA-4760-1 : qemu - security update
Multiple security issues were discovered in QEMU, a fast processor emulator : - CVE-2020-12829 An integer overflow in the sm501 display device may result in denial of service. - CVE-2020-14364 An out-of-bounds write in the USB emulation code may result in guest-to-host code execution. -...
[SECURITY] [DSA 4760-1] qemu security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4760-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 06, 2020 https://www.debian.org/security/faq -...
Turning an OBD-II reader into a USB / NFC attack tool
One of my favourite sorts of hardware hacking is making a device do something it was never intended for. It's creative, disruptive, and fun. Everyone has their own way of going about things. Different methodologies, habits, and skill sets mean that approaches will be diverse. This is how I work...