ALT-PU-2016-2004-1

BDU:2016-01066

CRITICAL9.3

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Опубликовано: 2016-05-05Изменено: 2021-03-23

CVSS 2.0КРИТИЧЕСКАЯ 9.3

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C

Ссылки

BDU:2017-01032

LOW1.9

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2017-04-27Изменено: 2021-03-23

CVSS 2.0НИЗКАЯ 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P

Ссылки

BDU:2017-01033

MEDIUM4.7

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Опубликовано: 2017-04-27Изменено: 2021-03-23

CVSS 2.0СРЕДНЯЯ 4.7

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C

Ссылки

CVE-2015-8568

MEDIUM6.5

Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

Опубликовано: 2017-04-11Изменено: 2025-04-20

CVSS 2.0СРЕДНЯЯ 4.7

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Ссылки

CVE-2015-8613

MEDIUM6.5

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

Опубликовано: 2017-04-11Изменено: 2025-04-20

CVSS 2.0НИЗКАЯ 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Ссылки

CVE-2015-8743

HIGH7.1

QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.

Опубликовано: 2016-12-29Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Ссылки

CVE-2016-1568

HIGH8.8

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

Опубликовано: 2016-04-12Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 6.9

CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2016-2392

MEDIUM6.5

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.

Опубликовано: 2016-06-16Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.5

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Ссылки

CVE-2016-2538

HIGH7.1

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

Опубликовано: 2016-06-16Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.1

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Ссылки

CVE-2016-2841

MEDIUM6.0

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Опубликовано: 2016-06-16Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 6.0

CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Ссылки

CVE-2016-2857

HIGH8.4

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

Опубликовано: 2016-04-12Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS 3.xВЫСОКАЯ 8.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

Ссылки

CVE-2016-3710

HIGH8.8

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Опубликовано: 2016-05-11Изменено: 2025-04-12

CVSS 2.0ВЫСОКАЯ 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 8.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Ссылки

CVE-2016-3712

MEDIUM5.5

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

Опубликовано: 2016-05-11Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xСРЕДНЯЯ 5.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ссылки

CVE-2016-4037

MEDIUM6.0

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.

Опубликовано: 2016-05-23Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 3.xСРЕДНЯЯ 6.0

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Ссылки

Обновление пакета qemu в ветке c7

Закрытые проблемы (14)

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.