Errata ALT-PU-2017-2202-1: Information
Fixes
Published: April 28, 2017
BDU:2017-01782
Vulnerability in the audio.c component of the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: HIGH (7.8)
Links:
Published: June 24, 2017
BDU:2021-01313
Vulnerability in the QEMU hardware emulator, related to a NULL pointer dereference, that allows an attacker to cause a denial of service
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Links:
Published: Feb. 10, 2017
BDU:2021-03352
Vulnerability in the disas_insn function of the target/i386/translate.c component of the QEMU hardware emulator, related to insufficient control of code generation, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: April 13, 2017
Modified: Dec. 14, 2020
CVE-2015-8345
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
Published: April 20, 2017
Modified: Nov. 7, 2023
CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1443441
- [oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
- 97957
- GLSA-201706-03
- RHSA-2017:1441
- RHSA-2017:1431
- RHSA-2017:1430
- RHSA-2017:1206
- RHSA-2017:1205
- RHSA-2017:0988
- RHSA-2017:0984
- RHSA-2017:0983
- RHSA-2017:0982
- RHSA-2017:0981
- RHSA-2017:0980
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904
Published: May 2, 2017
Modified: Sept. 10, 2020
CVE-2017-8112
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- [qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation
- https://bugzilla.redhat.com/show_bug.cgi?id=1445621
- 98015
- [oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2
- GLSA-201706-03
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: April 26, 2017
Modified: May 17, 2024
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: May 23, 2017
Modified: Aug. 4, 2021
CVE-2017-8309
Memory leak in audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 23, 2017
Modified: Aug. 4, 2021
CVE-2017-8379
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
Published: June 8, 2017
Modified: Nov. 7, 2023
CVE-2017-9330
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1457697
- [oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value
- 98779
- GLSA-201706-03
- DSA-3920
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d
Published: June 17, 2017
Modified: Nov. 7, 2023
CVE-2017-9373
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1458270
- 98921
- [oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug
- DSA-3920
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04
Published: June 17, 2017
Modified: Nov. 7, 2023
CVE-2017-9374
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1459132
- [oss-security] 20170606 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
- 98905
- DSA-3920
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
Published: June 17, 2017
Modified: Nov. 7, 2023
CVE-2017-9375
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1458744
- 98915
- [oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep
- DSA-3991
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
Published: June 17, 2017
Modified: Nov. 10, 2020
CVE-2017-9503
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas
- [qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once
- https://bugzilla.redhat.com/show_bug.cgi?id=1459477
- [oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command
- 99010
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update