Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5307-1
HistoryFeb 28, 2022 - 12:00 a.m.

QEMU vulnerabilities

2022-02-2800:00:00
ubuntu.com
111

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.9%

JSON

Releases

  • Ubuntu 21.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • qemu - Machine emulator and virtualizer

Details

Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)

Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)

It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

It was discovered that QEMU incorrectly handled bulk transfers from SPICE
clients. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-3682)

It was discovered that the QEMU UAS device emulation incorrectly handled
certain stream numbers. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 21.10.
(CVE-2021-3713)

It was discovered that the QEMU virtio-net device incorrectly handled
certain buffer addresses. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-3748)

It was discovered that the QEMU SCSI device emulation incorrectly handled
certain MODE SELECT commands. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2021-3930)

It was discovered that the QEMU ACPI logic incorrectly handled certain
values. An attacker inside the guest could possibly use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only affected
Ubuntu 21.10. (CVE-2021-4158)

Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that the QEMU
virtiofsd device incorrectly handled permissions when creating files. An
attacker inside the guest could use this issue to create files inside the
directory shared by virtiofs with unintended permissions, possibly allowing
privilege escalation. This issue only affected Ubuntu 21.10.
(CVE-2022-0358)

OSVersionArchitecturePackageVersionFilename
Ubuntu21.10noarchqemu-system-x86-microvm< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-block-extra< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-block-extra-dbgsym< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-guest-agent< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-guest-agent-dbgsym< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-system< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-system-arm< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-system-arm-dbgsym< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Ubuntu21.10noarchqemu-system-common< 1:6.0+dfsg-2expubuntu1.2UNKNOWN
Rows per page:
1-10 of 1021

Related

nessus 42
openvas 35
osv 14
debian 3
altlinux 1
suse 7
redos 2
oraclelinux 5
ubuntucve 10
gentoo 1
prion 9
veracode 9
redhatcve 10
debiancve 9
cve 9
alpinelinux 9
cbl_mariner 17
redhat 4
amazon 1
cnvd 1
ubuntu 1
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-5307-1)
2022-02-28 00:00:00
Debian DSA-4980-1 : qemu - security update
2021-10-04 00:00:00
SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2021:2213-1)
2021-07-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5307-1)
2022-03-01 00:00:00
Debian: Security Advisory (DSA-4980-1)
2021-10-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2212-1)
2021-07-01 00:00:00
osv
osv
qemu vulnerabilities
2022-02-28 13:03:07
qemu - security update
2021-10-03 00:00:00
qemu - security update
2022-04-04 00:00:00
debian
debian
[SECURITY] [DSA 4980-1] qemu security update
2021-10-03 18:26:45
[SECURITY] [DLA 2970-1] qemu security update
2022-04-04 13:21:47
[SECURITY] [DLA 2753-1] qemu security update
2021-09-02 18:40:09
altlinux
altlinux
Security fix for the ALT Linux 10 package qemu version 6.1.1-alt1
2022-03-01 00:00:00
suse
suse
Security update for qemu (moderate)
2021-07-10 00:00:00
Security update for qemu (important)
2021-11-08 00:00:00
Security update for qemu (important)
2021-11-03 00:00:00
redos
redos
ROS-20220125-17
2022-01-25 00:00:00
ROS-20220324-02
2022-03-24 00:00:00
oraclelinux
oraclelinux
qemu security update
2022-02-05 00:00:00
virt:kvm_utils security update
2022-02-25 00:00:00
qemu security update
2021-08-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-3545
2021-06-02 00:00:00
CVE-2021-3546
2021-06-02 00:00:00
CVE-2021-20203
2021-02-25 00:00:00
gentoo
gentoo
QEMU: Multiple Vulnerabilities
2022-08-14 00:00:00
prion
prion
Integer overflow
2021-02-25 20:15:00
Race condition
2022-02-18 18:15:00
Null pointer dereference
2021-05-26 22:15:00
veracode
veracode
Denial Of Service (DoS)
2021-04-11 12:04:51
Denial Of Service (DoS)
2022-01-15 16:40:05
Denial Of Service (DoS)
2022-01-15 21:49:42
redhatcve
redhatcve
CVE-2021-20203
2021-02-01 09:45:24
CVE-2021-20196
2021-01-24 20:41:50
CVE-2021-3930
2021-11-05 10:46:37
debiancve
debiancve
CVE-2021-20196
2021-05-26 22:15:00
CVE-2021-20203
2021-02-25 20:15:00
CVE-2021-3930
2022-02-18 18:15:00
cve
cve
CVE-2021-20203
2021-02-25 20:15:00
CVE-2021-20196
2021-05-26 22:15:00
CVE-2021-3930
2022-02-18 18:15:00
alpinelinux
alpinelinux
CVE-2021-20203
2021-02-25 20:15:00
CVE-2021-3930
2022-02-18 18:15:00
CVE-2021-20196
2021-05-26 22:15:00
cbl_mariner
cbl_mariner
CVE-2021-20203 affecting package qemu-kvm 4.2.0-48
2021-04-06 23:50:33
CVE-2021-3930 affecting package qemu 6.1.0-14
2022-06-03 17:54:21
CVE-2021-3930 affecting package qemu-kvm 4.2.0-48
2022-04-07 06:04:11
redhat
redhat
(RHSA-2021:5065) Low: virt:av and virt-devel:av security, bug fix, and enhancement update
2021-12-09 18:16:03
(RHSA-2022:0325) Low: virt:av and virt-devel:av security and bug fix update
2022-01-31 14:57:47
(RHSA-2021:4112) Moderate: virt:av and virt-devel:av security and bug fix update
2021-11-03 08:25:05
amazon
amazon
Medium: qemu
2023-05-25 17:41:00
cnvd
cnvd
QEMU Denial of Service Vulnerability (CNVD-2022-84162)
2022-03-02 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2022-12-12 00:00:00

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.9%

JSON
Related for USN-5307-1
nessus42openvas35osv14debian3altlinux1suse7redos2oraclelinux5ubuntucve10gentoo1prion9veracode9redhatcve10debiancve9cve9alpinelinux9cbl_mariner17redhat4amazon1cnvd1ubuntu1