Astra Linux – Vulnerability in Qemu

In QEMU 5.0.0, the file hw/usb/hcd-ohci.c contains a stack-based buffer over-read issue, caused by values obtained from the host controller driver...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993055)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993055 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with...

EUVD-2017-18265

Malware in sbrugna...

EUVD-2016-3475

Malware in sbrugna...

SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2025:02846-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02846-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

Linux Distros Unpatched Vulnerability : CVE-2022-50152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need...

CVE-2022-50152

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2022-50152

In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohcihcdnxpprobe ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

CVE-2022-50033

In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...

SUSE CVE-2017-9330

QEMU aka Quick Emulator before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505...

DEBIAN-CVE-2020-25624

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver...

DEBIAN-CVE-2020-25625

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop...

Denial Of Service (DoS)

QEMU aka Quick Emulator is vulnerable to denial of service DoS. When built with the USB OHCI Emulation support, it allows local guest OS users to cause a denial of service infinite loop by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505...

CVE-2020-25625

An infinite loop flaw was found in the USB OHCI controller emulator of QEMU. This flaw occurs while servicing OHCI isochronous transfer descriptors TD in the ohciserviceisotd routine, as it retires a TD if it has passed its time frame. It does not check if the TD was already processed and holds a...

CVE-2020-25624

A flaw was found in QEMU. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. This issue occurs while servicing transfer descriptors TD, as the OHCI controller derives variables 'startaddr', 'endaddr', and 'len' from values supplied by the host controller drive...

EulerOS Virtualization for ARM 64 3.0.1.0 : qemu-kvm (EulerOS-SA-2019-1405)

According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the...

EulerOS Virtualization 3.0.1.0 : qemu (EulerOS-SA-2019-1444)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow issue was found in the NE200 NIC emulation. It could occur while receiving packets from the network, if the siz...

USN-3414-1 qemu vulnerabilities

Leo Gaspard discovered that QEMU incorrectly handled VirtFS access control. A guest attacker could use this issue to elevate privileges inside the guest. CVE-2017-7493 Li Qiang discovered that QEMU incorrectly handled VMWare PVSCSI emulation. A privileged attacker inside the guest could use this...

Fedora 26 : xen (2017-b7f1197c23)

Qemu: usb: ohci: infinite loop due to incorrect return value CVE-2017-9330 1457698 Qemu: nbd: segmentation fault due to client non-negotiation CVE-2017-9524 1460173 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort CVE-2017-10664 1466466 Qemu: exec: oob access during dma operation...

Debian DLA-1070-1 : qemu security update

Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-6505 Denial of service via infinite loop in the USB OHCI emulation CVE-2017-8309 Denial of service via VNC audio capture...