ALT-PU-2016-1937-1
Closed vulnerabilities
BDU:2016-02055
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2016-02072
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2016-4439
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
- [oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
- [oss-security] 20160519 CVE-2016-4439 Qemu: scsi: esp: OOB write while writing to 's->cmdbuf' in esp_reg_write
- 90760
- 90760
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1337502
- https://bugzilla.redhat.com/show_bug.cgi?id=1337502
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
- [qemu-devel] 20160519 [PATCH 1/2] scsi: check command buffer length before write(CVE-2016-4439)
- GLSA-201609-01
- GLSA-201609-01
Modified: 2024-11-21
CVE-2016-4441
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
- [oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd
- [oss-security] 20160519 CVE-2016-4441 Qemu: scsi: esp: OOB write while writing to 's-cmdbuf' in get_cmd
- 90762
- 90762
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1337505
- https://bugzilla.redhat.com/show_bug.cgi?id=1337505
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)
- [qemu-devel] 20160519 [PATCH 2/2] scsi: check dma length before reading scsi command(CVE-2016-4441)
- GLSA-201609-01
- GLSA-201609-01
Modified: 2024-11-21
CVE-2016-4453
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
- [oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
- 90928
- USN-3047-1
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1336650
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once
- GLSA-201609-01
- [oss-security] 20160530 CVE-2016-4453 Qemu: display: vmsvga: infinite loop in vmsvga_fifo_run() routine
- GLSA-201609-01
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 4/4] vmsvga: don't process more than 1024 fifo commands at once
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1336650
- USN-3047-2
- USN-3047-1
- 90928
Modified: 2024-11-21
CVE-2016-4454
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
- [oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
- 90927
- USN-3047-1
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1336429
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length
- GLSA-201609-01
- [oss-security] 20160530 CVE-2016-4454 Qemu: display: vmsvga: out-of-bounds read in vmsvga_fifo_read_raw() routine
- GLSA-201609-01
- [qemu-devel] 20160530 [Qemu-devel] [PATCH 1/4] vmsvga: move fifo sanity checks to vmsvga_fifo_length
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- https://bugzilla.redhat.com/show_bug.cgi?id=1336429
- USN-3047-2
- USN-3047-1
- 90927
Modified: 2024-11-21
CVE-2016-4952
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
- [oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- [oss-security] 20160523 CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- [oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- [oss-security] 20160523 Re: CVE request: Qemu: scsi: pvscsi: out-of-bounds access issue in pvsci_ring_init_msg/data routines
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1334384
- https://bugzilla.redhat.com/show_bug.cgi?id=1334384
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer
- [qemu-devel] 20160523 [Qemu-devel] [PATCH] scsi: pvscsi: check command descriptor ring buffer
Modified: 2024-11-21
CVE-2016-5403
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
- RHSA-2016:1585
- RHSA-2016:1585
- RHSA-2016:1586
- RHSA-2016:1586
- RHSA-2016:1606
- RHSA-2016:1606
- RHSA-2016:1607
- RHSA-2016:1607
- RHSA-2016:1652
- RHSA-2016:1652
- RHSA-2016:1653
- RHSA-2016:1653
- RHSA-2016:1654
- RHSA-2016:1654
- RHSA-2016:1655
- RHSA-2016:1655
- RHSA-2016:1756
- RHSA-2016:1756
- RHSA-2016:1763
- RHSA-2016:1763
- RHSA-2016:1943
- RHSA-2016:1943
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 92148
- 92148
- 1036476
- 1036476
- USN-3047-1
- USN-3047-1
- USN-3047-2
- USN-3047-2
- http://xenbits.xen.org/xsa/advisory-184.html
- http://xenbits.xen.org/xsa/advisory-184.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1358359
- https://bugzilla.redhat.com/show_bug.cgi?id=1358359
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update
- [debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update