51 matches found
CVE-2017-9375
QEMU aka Quick Emulator, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service infinite recursive call via vectors involving control transfer descriptors sequencing...
Code injection
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; an...
CVE-2017-4904
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; an...
CVE-2017-4904
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; an...
VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...
Debian DLA-842-1 : qemu-kvm security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests. CVE-2017-2615 The Cirrus CLGD 54xx VGA Emulator in qemu-kvm is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in...
Debian DLA-678-1 : qemu security update
Multiple vulnerabilities have been found in QEMU : CVE-2016-8576 Quick Emulator Qemu built with the USB xHCI controller emulation support is vulnerable to an infinite loop issue. It could occur while processing USB command ring in 'xhciringfetch'. CVE-2016-8577 Quick Emulator Qemu built with the...
DLA-678-1 qemu - security update
Bulletin has no description...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-256)
The openSUSE 13.2 kernel was updated to receive security and bugfixes. It also fixes a regression that caused the Chromium sandbox to no longer work bsc965356. Following security bugs were fixed : - CVE-2016-2069: A flaw was discovered in a way the Linux deals with paging structures. When Linux...
openSUSE Security Update : the Linux Kernel (openSUSE-2015-686)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2015-3290: arch/x86/entry/entry64.S in the Linux kernel on the x8664 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain...
Updated qemu packages fix security vulnerabilities
The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileg...