ALT-PU-2017-1521-1
Closed vulnerabilities
BDU:2017-00072
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю нарушить конфиденциальность, целостность и доступность
BDU:2017-00074
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или оказать иное воздействие на систему
BDU:2017-00646
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00647
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00648
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00649
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00650
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00651
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00652
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00653
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00654
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2017-00764
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00772
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-00773
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2017-01462
Уязвимость компонента hw/virtio/virtio-crypto.c эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03332
Уязвимость функции virgl_cmd_get_capset компонента hw/display/virtio-gpu-3d.c эмулятора аппаратного обеспечения QEMU, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03350
Уязвимость функции virtio_gpu_set_scanout компонента hw/display/virtio-gpu.c эмулятора аппаратного обеспечения QEMU, связанная с недостатком механизма освобождения памяти перед удалением последней ссылки, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03352
Уязвимость функции disas_insn компонента target/i386/translate.c эмулятора аппаратного обеспечения QEMU, связанная с недостатком механизма управления генерацией кода, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2016-10028
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31
- http://www.openwall.com/lists/oss-security/2016/12/20/1
- http://www.openwall.com/lists/oss-security/2016/12/22/14
- http://www.securityfocus.com/bid/94981
- http://www.securitytracker.com/id/1037525
- https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
- https://security.gentoo.org/glsa/201701-49
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31
- http://www.openwall.com/lists/oss-security/2016/12/20/1
- http://www.openwall.com/lists/oss-security/2016/12/22/14
- http://www.securityfocus.com/bid/94981
- http://www.securitytracker.com/id/1037525
- https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
- https://security.gentoo.org/glsa/201701-49
Modified: 2025-04-20
CVE-2016-10155
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
- http://www.openwall.com/lists/oss-security/2017/01/20/14
- http://www.openwall.com/lists/oss-security/2017/01/21/4
- http://www.securityfocus.com/bid/95770
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
- http://www.openwall.com/lists/oss-security/2017/01/20/14
- http://www.openwall.com/lists/oss-security/2017/01/21/4
- http://www.securityfocus.com/bid/95770
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-12
CVE-2016-7907
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
- http://www.openwall.com/lists/oss-security/2016/10/03/1
- http://www.openwall.com/lists/oss-security/2016/10/03/4
- http://www.securityfocus.com/bid/93274
- https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
- https://security.gentoo.org/glsa/201611-11
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
- http://www.openwall.com/lists/oss-security/2016/10/03/1
- http://www.openwall.com/lists/oss-security/2016/10/03/4
- http://www.securityfocus.com/bid/93274
- https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
- https://security.gentoo.org/glsa/201611-11
Modified: 2025-04-12
CVE-2016-8667
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
- http://www.openwall.com/lists/oss-security/2016/10/14/6
- http://www.openwall.com/lists/oss-security/2016/10/15/4
- http://www.securityfocus.com/bid/93567
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html
- http://www.openwall.com/lists/oss-security/2016/10/14/6
- http://www.openwall.com/lists/oss-security/2016/10/15/4
- http://www.securityfocus.com/bid/93567
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
Modified: 2024-11-21
CVE-2016-9602
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
- http://www.openwall.com/lists/oss-security/2017/01/17/12
- http://www.securityfocus.com/bid/95461
- http://www.securitytracker.com/id/1037604
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
- https://security.gentoo.org/glsa/201704-01
- http://www.openwall.com/lists/oss-security/2017/01/17/12
- http://www.securityfocus.com/bid/95461
- http://www.securitytracker.com/id/1037604
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04347.html
- https://security.gentoo.org/glsa/201704-01
Modified: 2024-11-21
CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
- http://www.securityfocus.com/bid/96893
- http://www.securitytracker.com/id/1038023
- https://access.redhat.com/errata/RHSA-2017:0980
- https://access.redhat.com/errata/RHSA-2017:0981
- https://access.redhat.com/errata/RHSA-2017:0982
- https://access.redhat.com/errata/RHSA-2017:0983
- https://access.redhat.com/errata/RHSA-2017:0984
- https://access.redhat.com/errata/RHSA-2017:0985
- https://access.redhat.com/errata/RHSA-2017:0987
- https://access.redhat.com/errata/RHSA-2017:0988
- https://access.redhat.com/errata/RHSA-2017:1205
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1441
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
- https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201706-03
- https://support.citrix.com/article/CTX221578
- http://www.securityfocus.com/bid/96893
- http://www.securitytracker.com/id/1038023
- https://access.redhat.com/errata/RHSA-2017:0980
- https://access.redhat.com/errata/RHSA-2017:0981
- https://access.redhat.com/errata/RHSA-2017:0982
- https://access.redhat.com/errata/RHSA-2017:0983
- https://access.redhat.com/errata/RHSA-2017:0984
- https://access.redhat.com/errata/RHSA-2017:0985
- https://access.redhat.com/errata/RHSA-2017:0987
- https://access.redhat.com/errata/RHSA-2017:0988
- https://access.redhat.com/errata/RHSA-2017:1205
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1441
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603
- https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201706-03
- https://support.citrix.com/article/CTX221578
Modified: 2025-04-12
CVE-2016-9908
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
Modified: 2025-04-12
CVE-2016-9912
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
Modified: 2024-11-21
CVE-2017-18030
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
- http://www.openwall.com/lists/oss-security/2018/01/15/3
- http://www.securityfocus.com/bid/102520
- https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- http://www.openwall.com/lists/oss-security/2018/01/15/3
- http://www.securityfocus.com/bid/102520
- https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Modified: 2024-11-21
CVE-2017-2615
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
- http://rhn.redhat.com/errata/RHSA-2017-0309.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0344.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://www.openwall.com/lists/oss-security/2017/02/01/6
- http://www.securityfocus.com/bid/95990
- http://www.securitytracker.com/id/1037804
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
- https://security.gentoo.org/glsa/201702-27
- https://security.gentoo.org/glsa/201702-28
- https://support.citrix.com/article/CTX220771
- http://rhn.redhat.com/errata/RHSA-2017-0309.html
- http://rhn.redhat.com/errata/RHSA-2017-0328.html
- http://rhn.redhat.com/errata/RHSA-2017-0329.html
- http://rhn.redhat.com/errata/RHSA-2017-0330.html
- http://rhn.redhat.com/errata/RHSA-2017-0331.html
- http://rhn.redhat.com/errata/RHSA-2017-0332.html
- http://rhn.redhat.com/errata/RHSA-2017-0333.html
- http://rhn.redhat.com/errata/RHSA-2017-0334.html
- http://rhn.redhat.com/errata/RHSA-2017-0344.html
- http://rhn.redhat.com/errata/RHSA-2017-0350.html
- http://rhn.redhat.com/errata/RHSA-2017-0396.html
- http://rhn.redhat.com/errata/RHSA-2017-0454.html
- http://www.openwall.com/lists/oss-security/2017/02/01/6
- http://www.securityfocus.com/bid/95990
- http://www.securitytracker.com/id/1037804
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html
- https://security.gentoo.org/glsa/201702-27
- https://security.gentoo.org/glsa/201702-28
- https://support.citrix.com/article/CTX220771
Modified: 2024-11-21
CVE-2017-2630
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
- http://www.openwall.com/lists/oss-security/2017/02/15/2
- http://www.securityfocus.com/bid/96265
- https://access.redhat.com/errata/RHSA-2017:2392
- https://bugzilla.redhat.com/show_bug.cgi?id=1422415
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630
- https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
- https://security.gentoo.org/glsa/201704-01
- http://www.openwall.com/lists/oss-security/2017/02/15/2
- http://www.securityfocus.com/bid/96265
- https://access.redhat.com/errata/RHSA-2017:2392
- https://bugzilla.redhat.com/show_bug.cgi?id=1422415
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2630
- https://github.com/qemu/qemu/commit/2563c9c6b8670400c48e562034b321a7cf3d9a85
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
- https://security.gentoo.org/glsa/201704-01
Modified: 2025-04-20
CVE-2017-5525
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401
- http://www.openwall.com/lists/oss-security/2017/01/17/19
- http://www.openwall.com/lists/oss-security/2017/01/18/7
- http://www.securityfocus.com/bid/95671
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401
- http://www.openwall.com/lists/oss-security/2017/01/17/19
- http://www.openwall.com/lists/oss-security/2017/01/18/7
- http://www.securityfocus.com/bid/95671
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5526
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
- http://www.openwall.com/lists/oss-security/2017/01/18/1
- http://www.openwall.com/lists/oss-security/2017/01/18/8
- http://www.securityfocus.com/bid/95669
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
- http://www.openwall.com/lists/oss-security/2017/01/18/1
- http://www.openwall.com/lists/oss-security/2017/01/18/8
- http://www.securityfocus.com/bid/95669
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Modified: 2025-04-20
CVE-2017-5552
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=33243031dad02d161225ba99d782616da133f689
- http://www.openwall.com/lists/oss-security/2017/01/20/17
- http://www.openwall.com/lists/oss-security/2017/01/21/5
- http://www.securityfocus.com/bid/95773
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=33243031dad02d161225ba99d782616da133f689
- http://www.openwall.com/lists/oss-security/2017/01/20/17
- http://www.openwall.com/lists/oss-security/2017/01/21/5
- http://www.securityfocus.com/bid/95773
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5578
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b
- http://www.openwall.com/lists/oss-security/2017/01/23/3
- http://www.openwall.com/lists/oss-security/2017/01/25/2
- http://www.securityfocus.com/bid/95781
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=204f01b30975923c64006f8067f0937b91eea68b
- http://www.openwall.com/lists/oss-security/2017/01/23/3
- http://www.openwall.com/lists/oss-security/2017/01/25/2
- http://www.securityfocus.com/bid/95781
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5579
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
- http://www.openwall.com/lists/oss-security/2017/01/24/8
- http://www.openwall.com/lists/oss-security/2017/01/25/3
- http://www.securityfocus.com/bid/95780
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
- http://www.openwall.com/lists/oss-security/2017/01/24/8
- http://www.openwall.com/lists/oss-security/2017/01/25/3
- http://www.securityfocus.com/bid/95780
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5667
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9
- http://www.openwall.com/lists/oss-security/2017/01/30/2
- http://www.openwall.com/lists/oss-security/2017/01/31/10
- http://www.openwall.com/lists/oss-security/2017/02/12/1
- http://www.securityfocus.com/bid/95885
- https://bugzilla.redhat.com/show_bug.cgi?id=1417559
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9
- http://www.openwall.com/lists/oss-security/2017/01/30/2
- http://www.openwall.com/lists/oss-security/2017/01/31/10
- http://www.openwall.com/lists/oss-security/2017/02/12/1
- http://www.securityfocus.com/bid/95885
- https://bugzilla.redhat.com/show_bug.cgi?id=1417559
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5856
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3
- http://www.openwall.com/lists/oss-security/2017/02/01/19
- http://www.openwall.com/lists/oss-security/2017/02/02/14
- http://www.securityfocus.com/bid/95999
- https://bugzilla.redhat.com/show_bug.cgi?id=1418342
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3
- http://www.openwall.com/lists/oss-security/2017/02/01/19
- http://www.openwall.com/lists/oss-security/2017/02/02/14
- http://www.securityfocus.com/bid/95999
- https://bugzilla.redhat.com/show_bug.cgi?id=1418342
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5857
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798
- http://www.openwall.com/lists/oss-security/2017/02/01/21
- http://www.openwall.com/lists/oss-security/2017/02/02/16
- http://www.securityfocus.com/bid/95993
- https://bugzilla.redhat.com/show_bug.cgi?id=1418382
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=5e8e3c4c75c199aa1017db816fca02be2a9f8798
- http://www.openwall.com/lists/oss-security/2017/02/01/21
- http://www.openwall.com/lists/oss-security/2017/02/02/16
- http://www.securityfocus.com/bid/95993
- https://bugzilla.redhat.com/show_bug.cgi?id=1418382
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5898
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html
- http://www.openwall.com/lists/oss-security/2017/02/07/3
- http://www.securityfocus.com/bid/96112
- https://access.redhat.com/errata/RHSA-2017:1856
- https://access.redhat.com/errata/RHSA-2017:2392
- https://bugzilla.redhat.com/show_bug.cgi?id=1419699
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00048.html
- http://www.openwall.com/lists/oss-security/2017/02/07/3
- http://www.securityfocus.com/bid/96112
- https://access.redhat.com/errata/RHSA-2017:1856
- https://access.redhat.com/errata/RHSA-2017:2392
- https://bugzilla.redhat.com/show_bug.cgi?id=1419699
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5931
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4
- http://www.openwall.com/lists/oss-security/2017/02/08/2
- http://www.securityfocus.com/bid/96141
- https://bugzilla.redhat.com/show_bug.cgi?id=1420092
- https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
- https://security.gentoo.org/glsa/201702-28
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=a08aaff811fb194950f79711d2afe5a892ae03a4
- http://www.openwall.com/lists/oss-security/2017/02/08/2
- http://www.securityfocus.com/bid/96141
- https://bugzilla.redhat.com/show_bug.cgi?id=1420092
- https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
- https://security.gentoo.org/glsa/201702-28
Modified: 2025-04-20
CVE-2017-5973
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
- http://www.openwall.com/lists/oss-security/2017/02/13/11
- http://www.securityfocus.com/bid/96220
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1421626
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
- https://security.gentoo.org/glsa/201704-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b
- http://www.openwall.com/lists/oss-security/2017/02/13/11
- http://www.securityfocus.com/bid/96220
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1421626
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
- https://security.gentoo.org/glsa/201704-01
Modified: 2025-04-20
CVE-2017-5987
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e
- http://www.openwall.com/lists/oss-security/2017/02/14/8
- http://www.securityfocus.com/bid/96263
- https://bugzilla.redhat.com/show_bug.cgi?id=1421995
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
- https://security.gentoo.org/glsa/201704-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e
- http://www.openwall.com/lists/oss-security/2017/02/14/8
- http://www.securityfocus.com/bid/96263
- https://bugzilla.redhat.com/show_bug.cgi?id=1421995
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
- https://security.gentoo.org/glsa/201704-01
Modified: 2025-04-20
CVE-2017-6058
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6
- http://www.openwall.com/lists/oss-security/2017/02/17/2
- http://www.securityfocus.com/bid/96277
- http://www.securitytracker.com/id/1037856
- https://bugzilla.redhat.com/show_bug.cgi?id=1423358
- https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html
- https://security.gentoo.org/glsa/201704-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6
- http://www.openwall.com/lists/oss-security/2017/02/17/2
- http://www.securityfocus.com/bid/96277
- http://www.securitytracker.com/id/1037856
- https://bugzilla.redhat.com/show_bug.cgi?id=1423358
- https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html
- https://security.gentoo.org/glsa/201704-01
Modified: 2025-04-20
CVE-2017-6505
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
- http://www.openwall.com/lists/oss-security/2017/03/06/6
- http://www.securityfocus.com/bid/96611
- https://bugzilla.redhat.com/show_bug.cgi?id=1429432
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201704-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
- http://www.openwall.com/lists/oss-security/2017/03/06/6
- http://www.securityfocus.com/bid/96611
- https://bugzilla.redhat.com/show_bug.cgi?id=1429432
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201704-01
Modified: 2025-04-20
CVE-2017-7377
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
- http://www.openwall.com/lists/oss-security/2017/04/03/2
- http://www.securityfocus.com/bid/97319
- https://bugzilla.redhat.com/show_bug.cgi?id=1437871
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
- https://security.gentoo.org/glsa/201706-03
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
- http://www.openwall.com/lists/oss-security/2017/04/03/2
- http://www.securityfocus.com/bid/97319
- https://bugzilla.redhat.com/show_bug.cgi?id=1437871
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
- https://security.gentoo.org/glsa/201706-03
Modified: 2024-11-21
CVE-2017-7471
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
- http://www.openwall.com/lists/oss-security/2017/04/19/2
- http://www.securityfocus.com/bid/97970
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e
- https://security.gentoo.org/glsa/201706-03
- http://www.openwall.com/lists/oss-security/2017/04/19/2
- http://www.securityfocus.com/bid/97970
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e
- https://security.gentoo.org/glsa/201706-03
Modified: 2025-04-20
CVE-2017-7718
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904
- http://www.openwall.com/lists/oss-security/2017/04/19/4
- http://www.securityfocus.com/bid/97957
- https://access.redhat.com/errata/RHSA-2017:0980
- https://access.redhat.com/errata/RHSA-2017:0981
- https://access.redhat.com/errata/RHSA-2017:0982
- https://access.redhat.com/errata/RHSA-2017:0983
- https://access.redhat.com/errata/RHSA-2017:0984
- https://access.redhat.com/errata/RHSA-2017:0988
- https://access.redhat.com/errata/RHSA-2017:1205
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1430
- https://access.redhat.com/errata/RHSA-2017:1431
- https://access.redhat.com/errata/RHSA-2017:1441
- https://bugzilla.redhat.com/show_bug.cgi?id=1443441
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201706-03
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904
- http://www.openwall.com/lists/oss-security/2017/04/19/4
- http://www.securityfocus.com/bid/97957
- https://access.redhat.com/errata/RHSA-2017:0980
- https://access.redhat.com/errata/RHSA-2017:0981
- https://access.redhat.com/errata/RHSA-2017:0982
- https://access.redhat.com/errata/RHSA-2017:0983
- https://access.redhat.com/errata/RHSA-2017:0984
- https://access.redhat.com/errata/RHSA-2017:0988
- https://access.redhat.com/errata/RHSA-2017:1205
- https://access.redhat.com/errata/RHSA-2017:1206
- https://access.redhat.com/errata/RHSA-2017:1430
- https://access.redhat.com/errata/RHSA-2017:1431
- https://access.redhat.com/errata/RHSA-2017:1441
- https://bugzilla.redhat.com/show_bug.cgi?id=1443441
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201706-03
Modified: 2025-04-20
CVE-2017-8086
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2
- http://www.openwall.com/lists/oss-security/2017/04/25/5
- http://www.securityfocus.com/bid/98012
- https://bugzilla.redhat.com/show_bug.cgi?id=1444781
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html
- https://security.gentoo.org/glsa/201706-03
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2
- http://www.openwall.com/lists/oss-security/2017/04/25/5
- http://www.securityfocus.com/bid/98012
- https://bugzilla.redhat.com/show_bug.cgi?id=1444781
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg01636.html
- https://security.gentoo.org/glsa/201706-03
Modified: 2025-04-20
CVE-2017-8284
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.
Modified: 2025-04-20
CVE-2017-9060
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
- http://www.openwall.com/lists/oss-security/2017/05/19/1
- http://www.securityfocus.com/bid/98632
- https://bugzilla.redhat.com/show_bug.cgi?id=1452597
- https://security.gentoo.org/glsa/201706-03
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
- http://www.openwall.com/lists/oss-security/2017/05/19/1
- http://www.securityfocus.com/bid/98632
- https://bugzilla.redhat.com/show_bug.cgi?id=1452597
- https://security.gentoo.org/glsa/201706-03
Modified: 2025-04-20
CVE-2017-9310
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/05/31/1
- http://www.securityfocus.com/bid/98766
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1452620
- https://security.gentoo.org/glsa/201706-03
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=4154c7e03fa55b4cf52509a83d50d6c09d743b7
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/05/31/1
- http://www.securityfocus.com/bid/98766
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1452620
- https://security.gentoo.org/glsa/201706-03
Modified: 2025-04-20
CVE-2017-9330
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/06/01/3
- http://www.securityfocus.com/bid/98779
- https://bugzilla.redhat.com/show_bug.cgi?id=1457697
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201706-03
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/06/01/3
- http://www.securityfocus.com/bid/98779
- https://bugzilla.redhat.com/show_bug.cgi?id=1457697
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201706-03
Modified: 2025-04-20
CVE-2017-9373
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/06/05/1
- http://www.securityfocus.com/bid/98921
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1458270
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/06/05/1
- http://www.securityfocus.com/bid/98921
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1458270
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Modified: 2025-04-20
CVE-2017-9374
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/06/06/3
- http://www.securityfocus.com/bid/98905
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1459132
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
- http://www.debian.org/security/2017/dsa-3920
- http://www.openwall.com/lists/oss-security/2017/06/06/3
- http://www.securityfocus.com/bid/98905
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1459132
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
Modified: 2025-04-20
CVE-2017-9375
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
- http://www.debian.org/security/2017/dsa-3991
- http://www.openwall.com/lists/oss-security/2017/06/05/2
- http://www.securityfocus.com/bid/98915
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1458744
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
- http://www.debian.org/security/2017/dsa-3991
- http://www.openwall.com/lists/oss-security/2017/06/05/2
- http://www.securityfocus.com/bid/98915
- https://access.redhat.com/errata/RHSA-2017:2392
- https://access.redhat.com/errata/RHSA-2017:2408
- https://bugzilla.redhat.com/show_bug.cgi?id=1458744
- https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
Modified: 2024-11-21
CVE-2018-17962
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
- http://www.openwall.com/lists/oss-security/2018/10/08/1
- https://access.redhat.com/errata/RHSA-2019:2892
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2018/dsa-4338
- https://access.redhat.com/security/cve/cve-2018-17962
- https://linux.oracle.com/cve/CVE-2018-17962.html
- https://www.suse.com/security/cve/CVE-2018-17962/
- http://www.openwall.com/lists/oss-security/2018/10/08/1
- https://access.redhat.com/errata/RHSA-2019:2892
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2018/dsa-4338