Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое неустановленное воздействие

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии в гостевой операционной системе

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.