ALT-PU-2017-2314-1
Closed vulnerabilities
BDU:2017-01803
Уязвимость в qemu-nbd эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-00222
Уязвимость сервера Qemu-NBD эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01313
Уязвимость эмулятора аппаратного обеспечения QEMU, связанная с разыменованием нулевого указателя, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
- DSA-3920
- DSA-3920
- [oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
- [oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
- 99513
- 99513
- RHSA-2017:2390
- RHSA-2017:2390
- RHSA-2017:2445
- RHSA-2017:2445
- RHSA-2017:3466
- RHSA-2017:3466
- RHSA-2017:3470
- RHSA-2017:3470
- RHSA-2017:3471
- RHSA-2017:3471
- RHSA-2017:3472
- RHSA-2017:3472
- RHSA-2017:3473
- RHSA-2017:3473
- RHSA-2017:3474
- RHSA-2017:3474
- https://bugzilla.redhat.com/show_bug.cgi?id=1466190
- https://bugzilla.redhat.com/show_bug.cgi?id=1466190
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update
- [qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE
- [qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE
Modified: 2024-11-21
CVE-2017-10806
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
- DSA-3925
- DSA-3925
- [oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging
- [oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging
- 99475
- 99475
- https://bugzilla.redhat.com/show_bug.cgi?id=1468496
- https://bugzilla.redhat.com/show_bug.cgi?id=1468496
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data
- [qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data
Modified: 2024-11-21
CVE-2017-11334
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
- DSA-3925
- DSA-3925
- [oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation
- [oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation
- 99895
- 99895
- RHSA-2017:3369
- RHSA-2017:3369
- RHSA-2017:3466
- RHSA-2017:3466
- RHSA-2017:3470
- RHSA-2017:3470
- RHSA-2017:3471
- RHSA-2017:3471
- RHSA-2017:3472
- RHSA-2017:3472
- RHSA-2017:3473
- RHSA-2017:3473
- RHSA-2017:3474
- RHSA-2017:3474
- https://bugzilla.redhat.com/show_bug.cgi?id=1471638
- https://bugzilla.redhat.com/show_bug.cgi?id=1471638
- [qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram
- [qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram
- USN-3575-1
- USN-3575-1
Modified: 2024-11-21
CVE-2017-11434
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
- DSA-3925
- DSA-3925
- [oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options
- [oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options
- 99923
- 99923
- https://bugzilla.redhat.com/show_bug.cgi?id=1472611
- https://bugzilla.redhat.com/show_bug.cgi?id=1472611
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end
- [qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end
Modified: 2024-11-21
CVE-2017-7539
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
- [oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine
- [oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine
- 99944
- 99944
- RHSA-2017:2628
- RHSA-2017:2628
- RHSA-2017:3466
- RHSA-2017:3466
- RHSA-2017:3470
- RHSA-2017:3470
- RHSA-2017:3471
- RHSA-2017:3471
- RHSA-2017:3472
- RHSA-2017:3472
- RHSA-2017:3473
- RHSA-2017:3473
- RHSA-2017:3474
- RHSA-2017:3474
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19
- https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19
Modified: 2024-11-21
CVE-2017-9503
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
- [oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command
- [oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command
- 99010
- 99010
- https://bugzilla.redhat.com/show_bug.cgi?id=1459477
- https://bugzilla.redhat.com/show_bug.cgi?id=1459477
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- [debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update
- [qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once
- [qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once
- [qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas
- [qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas
Modified: 2024-11-21
CVE-2017-9524
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
- DSA-3925
- DSA-3925
- [oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation
- [oss-security] 20170612 CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation
- 99011
- 99011
- RHSA-2017:1681
- RHSA-2017:1681
- RHSA-2017:1682
- RHSA-2017:1682
- RHSA-2017:2408
- RHSA-2017:2408
- [qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation
- [qemu-devel] 20170526 [PATCH] nbd: Fully initialize client in case of failed negotiation
- [qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan
- [qemu-devel] 20170608 [PATCH] nbd: Fix regression on resiliency to port scan