ALT-PU-2018-2161-1
Closed vulnerabilities
BDU:2019-03333
Уязвимость функции m_cat эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
BDU:2020-00757
Уязвимость функции qmp_guest_file_read эмулятора аппаратного обеспечения QEMU, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-05783
Уязвимость команды PVRDMA_CMD_CREATE_MR эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-01716
Уязвимость устройства RDMA эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
- http://www.openwall.com/lists/oss-security/2018/06/07/1
- http://www.securityfocus.com/bid/104400
- https://access.redhat.com/errata/RHSA-2018:2462
- https://access.redhat.com/errata/RHSA-2018:2762
- https://access.redhat.com/errata/RHSA-2018:2822
- https://access.redhat.com/errata/RHSA-2018:2887
- https://access.redhat.com/errata/RHSA-2019:2892
- https://bugzilla.redhat.com/show_bug.cgi?id=1586245
- https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
- https://seclists.org/bugtraq/2019/May/76
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2019/dsa-4454
- https://www.zerodayinitiative.com/advisories/ZDI-18-567/
- http://www.openwall.com/lists/oss-security/2018/06/07/1
- http://www.securityfocus.com/bid/104400
- https://access.redhat.com/errata/RHSA-2018:2462
- https://access.redhat.com/errata/RHSA-2018:2762
- https://access.redhat.com/errata/RHSA-2018:2822
- https://access.redhat.com/errata/RHSA-2018:2887
- https://access.redhat.com/errata/RHSA-2019:2892
- https://bugzilla.redhat.com/show_bug.cgi?id=1586245
- https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
- https://seclists.org/bugtraq/2019/May/76
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2019/dsa-4454
- https://www.zerodayinitiative.com/advisories/ZDI-18-567/
Modified: 2024-11-21
CVE-2018-12617
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
- http://www.securityfocus.com/bid/104531
- https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
- https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
- https://seclists.org/bugtraq/2019/May/76
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2019/dsa-4454
- https://www.exploit-db.com/exploits/44925/
- http://www.securityfocus.com/bid/104531
- https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6
- https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html
- https://seclists.org/bugtraq/2019/May/76
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2019/dsa-4454
- https://www.exploit-db.com/exploits/44925/
Modified: 2024-11-21
CVE-2018-17962
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
- http://www.openwall.com/lists/oss-security/2018/10/08/1
- https://access.redhat.com/errata/RHSA-2019:2892
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2018/dsa-4338
- https://access.redhat.com/security/cve/cve-2018-17962
- https://linux.oracle.com/cve/CVE-2018-17962.html
- https://www.suse.com/security/cve/CVE-2018-17962/
- http://www.openwall.com/lists/oss-security/2018/10/08/1
- https://access.redhat.com/errata/RHSA-2019:2892
- https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
- https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
- https://usn.ubuntu.com/3826-1/
- https://www.debian.org/security/2018/dsa-4338
Modified: 2024-11-21
CVE-2021-3582
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threat from this vulnerability is to system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1966266
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.gentoo.org/glsa/202208-27
- https://security.netapp.com/advisory/ntap-20220429-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=1966266
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.gentoo.org/glsa/202208-27
- https://security.netapp.com/advisory/ntap-20220429-0003/
Modified: 2024-11-21
CVE-2022-1050
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.