ALT-PU-2018-1657-1
Closed vulnerabilities
BDU:2018-00091
Уязвимость функции post_load (hw/input/ps2.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить чтение за границами буфера в динамической памяти
BDU:2018-01508
Уязвимость функции load_multiboot эмулятора аппаратного обеспечения Qemu, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2019-00716
Уязвимость функции vga_draw_text эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2019-00721
Уязвимость эмулятора аппаратного обеспечения QEMU позволяет записывать данные за пределами заданного буфера, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-20
CVE-2017-16845
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
- http://www.securityfocus.com/bid/101923
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
- https://usn.ubuntu.com/3575-1/
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.securityfocus.com/bid/101923
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
- https://usn.ubuntu.com/3575-1/
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2018-5683
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
- http://www.openwall.com/lists/oss-security/2018/01/15/2
- http://www.securityfocus.com/bid/102518
- https://access.redhat.com/errata/RHSA-2018:0816
- https://access.redhat.com/errata/RHSA-2018:1104
- https://access.redhat.com/errata/RHSA-2018:2162
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html
- https://usn.ubuntu.com/3575-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.openwall.com/lists/oss-security/2018/01/15/2
- http://www.securityfocus.com/bid/102518
- https://access.redhat.com/errata/RHSA-2018:0816
- https://access.redhat.com/errata/RHSA-2018:1104
- https://access.redhat.com/errata/RHSA-2018:2162
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html
- https://usn.ubuntu.com/3575-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2018-7550
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
- http://www.securityfocus.com/bid/103181
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:2462
- https://bugzilla.redhat.com/show_bug.cgi?id=1549798
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
- https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
- http://www.securityfocus.com/bid/103181
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:2462
- https://bugzilla.redhat.com/show_bug.cgi?id=1549798
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53
- https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html
- https://usn.ubuntu.com/3649-1/
- https://www.debian.org/security/2018/dsa-4213
Modified: 2024-11-21
CVE-2018-7858
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
- http://www.openwall.com/lists/oss-security/2018/03/09/1
- http://www.securityfocus.com/bid/103350
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:1416
- https://access.redhat.com/errata/RHSA-2018:2162
- https://bugzilla.redhat.com/show_bug.cgi?id=1553402
- https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
- https://usn.ubuntu.com/3649-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html
- http://www.openwall.com/lists/oss-security/2018/03/09/1
- http://www.securityfocus.com/bid/103350
- https://access.redhat.com/errata/RHSA-2018:1369
- https://access.redhat.com/errata/RHSA-2018:1416
- https://access.redhat.com/errata/RHSA-2018:2162
- https://bugzilla.redhat.com/show_bug.cgi?id=1553402
- https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
- https://usn.ubuntu.com/3649-1/