Astra Linux - уязвимость в qemu

A vulnerability related to out-of-bounds read/write access was discovered in the USB emulator of QEMU in versions prior to 5.2.0. This issue occurs during the processing of USB packets from a guest, when the value of USBDevice’s ‘setuplen’ exceeds the value of ‘databuf4096’ in the dotokenin and...

NewStart CGSL MAIN 6.06 : qemu Multiple Vulnerabilities (NS-SA-2025-0227)

The remote NewStart CGSL host, running version MAIN 6.06, has qemu packages installed that are affected by multiple vulnerabilities: - A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPIC...

CentOS 7 : qemu-kvm-ma (RHSA-2020:4078)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4078 advisory. - An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets fro...

NewStart CGSL MAIN 6.06 : qemu Multiple Vulnerabilities (NS-SA-2023-0132)

The remote NewStart CGSL host, running version MAIN 6.06, has qemu packages installed that are affected by multiple vulnerabilities: - In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 fixed, when executing script in...

K09081535: QEMU vulnerability CVE-2020-14364

Security Advisory Description An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This fla...

NewStart CGSL MAIN 6.02 : qemu Multiple Vulnerabilities (NS-SA-2022-0087)

The remote NewStart CGSL host, running version MAIN 6.02, has qemu packages installed that are affected by multiple vulnerabilities: - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 - An out-of-bounds read/write access flaw was found in the USB...

SUSE SLES12 Security Update : qemu (SUSE-SU-2021:1947-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1947-1 advisory. - Fix OOB access during mmio operations CVE-2020-13754, bsc1172382 - Fix out-of-bounds read information disclosure in...

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:1942-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1942-1 advisory. - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream bsc1181103 - Fix OOB access in...

SUSE SLES11 Security Update : xen (SUSE-SU-2020:14521-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14521-1 advisory. - Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially...

EulerOS Virtualization 2.9.1 : qemu (EulerOS-SA-2021-1735)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...

EulerOS Virtualization 2.9.0 : qemu (EulerOS-SA-2021-1763)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated...

NewStart CGSL MAIN 4.06 : qemu-kvm Multiple Vulnerabilities (NS-SA-2021-0004)

The remote NewStart CGSL host, running version MAIN 4.06, has qemu-kvm packages installed that are affected by multiple vulnerabilities: - libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ipreass in ipinput.c. CVE-2019-15890 - ipreass in ipinput.c in libslirp 4.0.0 has a heap-based...

EulerOS Virtualization 3.0.2.6 : qemu (EulerOS-SA-2021-1057)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System9pfs support, is vulnerable to an improper...

Amazon Linux AMI : qemu-kvm (ALAS-2020-1449)

The version of qemu-kvm installed on the remote host is prior to 1.5.3-156.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1449 advisory. qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service guest crash by leveraging...

Important: qemu-kvm

Issue Overview: qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service guest crash by leveraging mishandling of the seccomp policy for threads other than the main thread. CVE-2018-15746 A heap buffer overflow issue was found in the SLiRP networking implementation of...

Amazon Linux 2 : qemu (ALAS-2020-1562)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1562 advisory. A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tig...

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...

Security Bulletin: Publicly disclosed vulnerability from Qemu affects IBM Netezza Host Management

Summary Open Source Qemu is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-14364 DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds read/write...

QEMU: usb: out-of-bounds r/w access issue while processing usb packets

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setuplen' exceeds its 'databuf4096' in the dotokenin, dotokenout routines. This flaw allows a guest user to crash the QEMU process,...