Errata ALT-PU-2017-1521-1: Information
Fixes
Published: Dec. 24, 2016
BDU:2017-00072
Vulnerability in the QEMU hardware emulator that allows an attacker to compromise confidentiality, integrity, and availability
Severity: LOW (2.1)
Links:
Published: Dec. 24, 2016
BDU:2017-00074
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service or otherwise affect the system
Severity: LOW (2.1)
Links:
Published: March 15, 2017
BDU:2017-00646
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 15, 2017
BDU:2017-00647
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 15, 2017
BDU:2017-00648
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 15, 2017
BDU:2017-00649
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 15, 2017
BDU:2017-00650
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 15, 2017
BDU:2017-00651
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: LOW (2.1)
Links:
Published: March 16, 2017
BDU:2017-00652
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 16, 2017
BDU:2017-00653
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 16, 2017
BDU:2017-00654
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service or execute arbitrary code
Severity: LOW (2.1)
Links:
Published: March 15, 2017
BDU:2017-00764
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (4.9)
Links:
Published: March 20, 2017
BDU:2017-00772
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: MEDIUM (5.0)
Links:
Published: March 20, 2017
BDU:2017-00773
Vulnerability in the QEMU hardware emulator that allows an attacker to cause a denial of service
Severity: LOW (2.1)
Links:
Published: March 27, 2017
BDU:2017-01462
Vulnerability in the hw/virtio/virtio-crypto.c component of the QEMU hardware emulator that allows an attacker to cause a denial of service or execute arbitrary code
Severity: HIGH (7.2)
Links:
Published: Dec. 14, 2016
BDU:2021-03332
Vulnerability in the virgl_cmd_get_capset function of the hw/display/virtio-gpu-3d.c component of the QEMU hardware emulator, related to an out-of-bounds read of a data buffer, that allows an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 22, 2017
BDU:2021-03350
Vulnerability in the virtio_gpu_set_scanout function of the hw/display/virtio-gpu.c component of the QEMU hardware emulator, related to improper release of memory before removing the last reference, that allows an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Feb. 10, 2017
BDU:2021-03352
Vulnerability in the disas_insn function of the target/i386/translate.c component of the QEMU hardware emulator, related to improper control of code generation, that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Feb. 28, 2017
Modified: Feb. 13, 2023
CVE-2016-10028
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20161214 [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size
- 1037525
- 94981
- [oss-security] 20161222 Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities
- [oss-security] 20161220 CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities
- GLSA-201701-49
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31
Published: March 15, 2017
Modified: Nov. 7, 2023
CVE-2016-10155
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Severity: MEDIUM (6.0) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Links:
- 95770
- [oss-security] 20170120 Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
- [oss-security] 20170120 CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb
- GLSA-201702-28
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
Published: Oct. 5, 2016
Modified: Nov. 10, 2020
CVE-2016-7907
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Nov. 5, 2016
Modified: Oct. 21, 2020
CVE-2016-8667
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
Severity: MEDIUM (6.0) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Links:
- [oss-security] 20161014 CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick
- [oss-security] 20161015 Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick
- [qemu-devel] 20161012 [PATCH] dma: rc4030: limit interval timer reload value
- 93567
- openSUSE-SU-2016:3237
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: April 26, 2018
Modified: Nov. 7, 2023
CVE-2016-9602
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks
- [qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602
- [oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem
- GLSA-201704-01
- 1037604
- 95461
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: July 28, 2018
Modified: Nov. 7, 2023
CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Severity: CRITICAL (9.9) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
- https://support.citrix.com/article/CTX221578
- GLSA-201706-03
- [debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update
- RHSA-2017:1441
- RHSA-2017:1206
- RHSA-2017:1205
- RHSA-2017:0988
- RHSA-2017:0987
- RHSA-2017:0985
- RHSA-2017:0984
- RHSA-2017:0983
- RHSA-2017:0982
- RHSA-2017:0981
- RHSA-2017:0980
- 1038023
- 96893
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: Dec. 24, 2016
Modified: Dec. 14, 2020
CVE-2016-9908
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
Severity: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Dec. 24, 2016
Modified: Dec. 14, 2020
CVE-2016-9912
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
Published: Jan. 23, 2018
Modified: Nov. 7, 2023
CVE-2017-18030
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 3, 2018
Modified: Feb. 13, 2023
CVE-2017-2615
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Severity: CRITICAL (9.1) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Links:
- [qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- [oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
- https://support.citrix.com/article/CTX220771
- GLSA-201702-28
- GLSA-201702-27
- 1037804
- 95990
- RHSA-2017:0454
- RHSA-2017:0396
- RHSA-2017:0350
- RHSA-2017:0344
- RHSA-2017:0334
- RHSA-2017:0333
- RHSA-2017:0332
- RHSA-2017:0331
- RHSA-2017:0330
- RHSA-2017:0329
- RHSA-2017:0328
- RHSA-2017:0309
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
Published: July 27, 2018
Modified: Nov. 7, 2023
CVE-2017-2630
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- [qemu-devel] 20170206 [PATCH 05/18] nbd/client: fix drop_sync
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630
- [oss-security] 20170215 CVE-2017-2630 Qemu: nbd: oob stack write in client routine drop_sync
- GLSA-201704-01
- RHSA-2017:2392
- 96265
- https://bugzilla.redhat.com/show_bug.cgi?id=1422415
- https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85
Published: March 15, 2017
Modified: Feb. 13, 2023
CVE-2017-5525
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- 95671
- [oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device
- [oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device
- GLSA-201702-28
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401
Published: March 15, 2017
Modified: Feb. 13, 2023
CVE-2017-5526
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- 95669
- [oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device
- [oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
Published: March 15, 2017
Modified: Nov. 7, 2023
CVE-2017-5552
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- 95773
- [oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
- [oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing
- GLSA-201702-28
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=33243031dad02d161225ba99d782616da133f689
Published: March 15, 2017
Modified: Feb. 13, 2023
CVE-2017-5578
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- 95781
- [oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing
- [oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing
- GLSA-201702-28
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b
Published: March 15, 2017
Modified: Feb. 13, 2023
CVE-2017-5579
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- 95780
- [oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation
- [oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation
- GLSA-201702-28
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
Published: March 16, 2017
Modified: Feb. 13, 2023
CVE-2017-5667
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1417559
- [oss-security] 20170212 Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer
- [oss-security] 20170131 Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer
- [oss-security] 20170130 CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer
- 95885
- GLSA-201702-28
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9
Published: March 16, 2017
Modified: Feb. 13, 2023
CVE-2017-5856
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1418342
- [oss-security] 20170202 Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd
- [oss-security] 20170201 CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd
- 95999
- GLSA-201702-28
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3
Published: March 16, 2017
Modified: Feb. 13, 2023
CVE-2017-5857
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1418382
- [oss-security] 20170202 Re: CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref
- [oss-security] 20170201 CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref
- 95993
- GLSA-201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798
Published: March 15, 2017
Modified: Nov. 7, 2023
CVE-2017-5898
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- GLSA-201702-28
- https://bugzilla.redhat.com/show_bug.cgi?id=1419699
- 96112
- [oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest
- SUSE-SU-2017:0582
- SUSE-SU-2017:0570
- RHSA-2017:2392
- RHSA-2017:1856
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a
Published: March 27, 2017
Modified: Feb. 13, 2023
CVE-2017-5931
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
- [qemu-devel] 20170110 [PULL 03/41] virtio-crypto: fix possible integer and heap overflow
- https://bugzilla.redhat.com/show_bug.cgi?id=1420092
- 96141
- [oss-security] 20170207 Re: CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests
- GLSA-201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4
Published: March 27, 2017
Modified: Nov. 7, 2023
CVE-2017-5973
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170206 [PATCH] xhci: apply limits to loops
- https://bugzilla.redhat.com/show_bug.cgi?id=1421626
- 96220
- [oss-security] 20170214 CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx
- GLSA-201704-01
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
Published: March 20, 2017
Modified: Nov. 7, 2023
CVE-2017-5987
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170213 Re: [Qemu-devel] [PATCH v3 1/4] sd: sdhci: check transfer mode register in multi block transfer
- https://bugzilla.redhat.com/show_bug.cgi?id=1421995
- 96263
- [oss-security] 20170214 CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers
- GLSA-201704-01
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e
Published: March 20, 2017
Modified: Nov. 7, 2023
CVE-2017-6058
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20170216 [PATCH 2/5] NetRxPkt: Fix memory corruption on VLAN header stripping
- https://bugzilla.redhat.com/show_bug.cgi?id=1423358
- 1037856
- 96277
- [oss-security] 20170217 CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping
- GLSA-201704-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6
Published: March 15, 2017
Modified: Nov. 7, 2023
CVE-2017-6505
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1429432
- [oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list
- 96611
- GLSA-201704-01
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
Published: April 10, 2017
Modified: Nov. 7, 2023
CVE-2017-7377
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
Severity: MEDIUM (6.0) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Links:
- [qemu-devel] 20170328 [PULL 1/2] 9pfs: fix file descriptor leak
- https://bugzilla.redhat.com/show_bug.cgi?id=1437871
- [oss-security] 20170403 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create
- 97319
- GLSA-201706-03
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
Published: July 9, 2018
Modified: Feb. 13, 2023
CVE-2017-7471
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host.
Severity: CRITICAL (9.0) Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Links:
Published: April 20, 2017
Modified: Nov. 7, 2023
CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1443441
- [oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
- 97957
- GLSA-201706-03
- RHSA-2017:1441
- RHSA-2017:1431
- RHSA-2017:1430
- RHSA-2017:1206
- RHSA-2017:1205
- RHSA-2017:0988
- RHSA-2017:0984
- RHSA-2017:0983
- RHSA-2017:0982
- RHSA-2017:0981
- RHSA-2017:0980
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904
Published: May 2, 2017
Modified: Nov. 7, 2023
CVE-2017-8086
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- [qemu-devel] 20170410 [PULL] 9pfs: xattr: fix memory leak in v9fs_list_xattr
- https://bugzilla.redhat.com/show_bug.cgi?id=1444781
- 98012
- [oss-security] 20170425 CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr
- GLSA-201706-03
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2
Published: April 26, 2017
Modified: May 17, 2024
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 1, 2017
Modified: Nov. 7, 2023
CVE-2017-9060
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 8, 2017
Modified: Nov. 7, 2023
CVE-2017-9310
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
Published: June 8, 2017
Modified: Nov. 7, 2023
CVE-2017-9330
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1457697
- [oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value
- 98779
- GLSA-201706-03
- DSA-3920
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d
Published: June 17, 2017
Modified: Nov. 7, 2023
CVE-2017-9373
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1458270
- 98921
- [oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug
- DSA-3920
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04
Published: June 17, 2017
Modified: Nov. 7, 2023
CVE-2017-9374
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1459132
- [oss-security] 20170606 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug
- 98905
- DSA-3920
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
Published: June 17, 2017
Modified: Nov. 7, 2023
CVE-2017-9375
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1458744
- 98915
- [oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep
- DSA-3991
- RHSA-2017:2408
- RHSA-2017:2392
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
Published: Oct. 10, 2018
Modified: Aug. 24, 2020
CVE-2018-17962
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- [qemu-devel] 20180926 [PULL 23/25] pcnet: fix possible buffer overflow
- [oss-security] 20181008 Qemu: integer overflow issues
- DSA-4338
- USN-3826-1
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- RHSA-2019:2892
- https://linux.oracle.com/cve/CVE-2018-17962.html
- https://access.redhat.com/security/cve/cve-2018-17962
- https://www.suse.com/security/cve/CVE-2018-17962/