MEDIUM5.0
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
Серьёзность:
Закрытые проблемы (15)
CRITICAL10.0
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое неустановленное воздействие
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CCRITICAL10.0
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии в гостевой операционной системе
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CLOW1.9
Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PHIGH7.5
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HСсылки
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
- http://www.debian.org/security/2015/dsa-3361
- http://www.debian.org/security/2015/dsa-3362
- http://www.openwall.com/lists/oss-security/2015/09/10/1
- http://www.openwall.com/lists/oss-security/2015/09/10/2
- http://www.securityfocus.com/bid/76691
- http://www.ubuntu.com/usn/USN-2745-1
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html
- https://security.gentoo.org/glsa/201602-01
- https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
- http://www.debian.org/security/2015/dsa-3361
- http://www.debian.org/security/2015/dsa-3362
- http://www.openwall.com/lists/oss-security/2015/09/10/1
- http://www.openwall.com/lists/oss-security/2015/09/10/2
- http://www.securityfocus.com/bid/76691
- http://www.ubuntu.com/usn/USN-2745-1
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html
- https://security.gentoo.org/glsa/201602-01
- https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
MEDIUM5.0
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/09/18/5
- http://www.openwall.com/lists/oss-security/2015/09/18/9
- http://www.securityfocus.com/bid/82672
- https://security.gentoo.org/glsa/201602-01
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169624.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169767.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169802.html
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/09/18/5
- http://www.openwall.com/lists/oss-security/2015/09/18/9
- http://www.securityfocus.com/bid/82672
- https://security.gentoo.org/glsa/201602-01
HIGH8.8
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 8.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HСсылки
- http://rhn.redhat.com/errata/RHSA-2015-2694.html
- http://rhn.redhat.com/errata/RHSA-2015-2695.html
- http://rhn.redhat.com/errata/RHSA-2015-2696.html
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/11/30/2
- http://www.securityfocus.com/bid/78227
- http://www.securitytracker.com/id/1034268
- http://xenbits.xen.org/xsa/advisory-162.html
- https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
- https://security.gentoo.org/glsa/201602-01
- https://security.gentoo.org/glsa/201604-03
- http://rhn.redhat.com/errata/RHSA-2015-2694.html
- http://rhn.redhat.com/errata/RHSA-2015-2695.html
- http://rhn.redhat.com/errata/RHSA-2015-2696.html
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/11/30/2
- http://www.securityfocus.com/bid/78227
- http://www.securitytracker.com/id/1034268
- http://xenbits.xen.org/xsa/advisory-162.html
- https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
- https://security.gentoo.org/glsa/201602-01
- https://security.gentoo.org/glsa/201604-03
CRITICAL9.0
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xКРИТИЧЕСКАЯ 9.0
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HСсылки
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f
- http://rhn.redhat.com/errata/RHSA-2015-2694.html
- http://rhn.redhat.com/errata/RHSA-2015-2695.html
- http://rhn.redhat.com/errata/RHSA-2015-2696.html
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/11/30/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/78230
- http://www.securitytracker.com/id/1034527
- https://security.gentoo.org/glsa/201602-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f
- http://rhn.redhat.com/errata/RHSA-2015-2694.html
- http://rhn.redhat.com/errata/RHSA-2015-2695.html
- http://rhn.redhat.com/errata/RHSA-2015-2696.html
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/11/30/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/78230
- http://www.securitytracker.com/id/1034527
- https://security.gentoo.org/glsa/201602-01
MEDIUM6.0
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 6.0
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HСсылки
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/12/14/2
- http://www.securityfocus.com/bid/80761
- https://bugzilla.redhat.com/show_bug.cgi?id=1291137
- https://security.gentoo.org/glsa/201602-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/12/14/2
- http://www.securityfocus.com/bid/80761
- https://bugzilla.redhat.com/show_bug.cgi?id=1291137
- https://security.gentoo.org/glsa/201602-01
MEDIUM6.5
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HСсылки
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/11/25/11
- http://www.securityfocus.com/bid/77985
- https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
- https://security.gentoo.org/glsa/201602-01
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/11/25/11
- http://www.securityfocus.com/bid/77985
- https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
- https://security.gentoo.org/glsa/201602-01
MEDIUM6.5
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVSS 2.0НИЗКАЯ 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/12/08/7
- http://www.securityfocus.com/bid/78708
- https://bugzilla.redhat.com/show_bug.cgi?id=1289541
- https://security.gentoo.org/glsa/201602-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=4c65fed8bdf96780735dbdb92a8
- http://www.debian.org/security/2016/dsa-3469
- http://www.debian.org/security/2016/dsa-3470
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2015/12/08/7
- http://www.securityfocus.com/bid/78708
- https://bugzilla.redhat.com/show_bug.cgi?id=1289541
- https://security.gentoo.org/glsa/201602-01
CRITICAL10.0
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CVSS 2.0КРИТИЧЕСКАЯ 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xКРИТИЧЕСКАЯ 10.0
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HСсылки
- http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html
- https://security.gentoo.org/glsa/201602-01
- https://www.exploit-db.com/exploits/39010/
- http://packetstormsecurity.com/files/134948/Gentoo-QEMU-Local-Privilege-Escalation.html
- https://security.gentoo.org/glsa/201602-01
- https://www.exploit-db.com/exploits/39010/
HIGH7.9
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVSS 2.0НИЗКАЯ 3.3
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:PCVSS 3.xВЫСОКАЯ 7.9
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:HСсылки
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
- http://www.openwall.com/lists/oss-security/2015/12/24/1
- http://www.securityfocus.com/bid/79670
- https://bugzilla.redhat.com/show_bug.cgi?id=1283722
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201602-01
- http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
- http://www.openwall.com/lists/oss-security/2015/12/24/1
- http://www.securityfocus.com/bid/79670
- https://bugzilla.redhat.com/show_bug.cgi?id=1283722
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201602-01
MEDIUM5.5
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2016/01/04/3
- http://www.openwall.com/lists/oss-security/2016/01/04/6
- http://www.securityfocus.com/bid/79821
- http://www.securitytracker.com/id/1034576
- https://bugzilla.redhat.com/show_bug.cgi?id=1270871
- https://security.gentoo.org/glsa/201602-01
- http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2016/01/04/3
- http://www.openwall.com/lists/oss-security/2016/01/04/6
- http://www.securityfocus.com/bid/79821
- http://www.securitytracker.com/id/1034576
- https://bugzilla.redhat.com/show_bug.cgi?id=1270871
- https://security.gentoo.org/glsa/201602-01
MEDIUM5.5
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2016/01/04/4
- http://www.openwall.com/lists/oss-security/2016/01/04/7
- http://www.securityfocus.com/bid/79822
- http://www.securitytracker.com/id/1034575
- https://bugzilla.redhat.com/show_bug.cgi?id=1270876
- https://security.gentoo.org/glsa/201602-01
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c6048f849c7e3f009786df76206e895
- http://www.debian.org/security/2016/dsa-3471
- http://www.openwall.com/lists/oss-security/2016/01/04/4
- http://www.openwall.com/lists/oss-security/2016/01/04/7
- http://www.securityfocus.com/bid/79822
- http://www.securitytracker.com/id/1034575
- https://bugzilla.redhat.com/show_bug.cgi?id=1270876
- https://security.gentoo.org/glsa/201602-01