| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of QEMU
QEMU: denial of service against the Network Block Device server
Synthesis of the vulnerability
An attacker can start NBD connexions to QEMU, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/06/2017.
Identifiers: CVE-2017-9524, DSA-3920-1, DSA-3925-1, FEDORA-2017-b7f1197c23, openSUSE-SU-2017:2941-1, RHSA-2017:1681-01, SUSE-SU-2017:2936-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22953.
Description of the vulnerability
QEMU includes a "Network Block Device" server, which emulates a kind a remote raw disk.
However, when the NBS signalling is aborted at connexion time, a data structure becomes invalid, which leads to the use of an invalid pointer and a fatal exception.
An attacker can therefore start NBD connexions to QEMU, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: memory leak via the EHCI emulation
Synthesis of the vulnerability
A privileged attacker, inside a guest system, can create a memory leak via the EHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 07/06/2017.
Identifiers: CVE-2017-9374, DLA-1497-1, DSA-3920-1, FEDORA-2017-f941184db1, openSUSE-SU-2017:1872-1, RHSA-2017:2392-01, SUSE-SU-2017:1770-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2946-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22912.
Description of the vulnerability
A privileged attacker, inside a guest system, can create a memory leak via the EHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: memory leak via the AHCI emulation
Synthesis of the vulnerability
A privileged attacker, inside a guest system, can create a memory leak via the AHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 06/06/2017.
Identifiers: CVE-2017-9373, DLA-1497-1, DSA-3920-1, openSUSE-SU-2017:1872-1, RHSA-2017:2392-01, SUSE-SU-2017:1774-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22901.
Description of the vulnerability
A privileged attacker, inside a guest system, can create a memory leak via the AHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: infinite loop via the USB OHCI emulation
Synthesis of the vulnerability
An attacker, inside a guest system, can generate an infinite loop via the USB emulation, OHCI interface in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 01/06/2017.
Identifiers: CVE-2017-9330, DLA-1497-1, DSA-3920-1, FEDORA-2017-b7f1197c23, FEDORA-2017-ed735463e3, FEDORA-2017-f941184db1, openSUSE-SU-2017:1826-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:1715-1, SUSE-SU-2017:1742-1, SUSE-SU-2017:1770-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22880.
Description of the vulnerability
An attacker, inside a guest system, can generate an infinite loop via the USB emulation, OHCI interface in QEMU, in order to trigger a denial of service on the host system.
Technical details are unknown.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: infinite loop in the emulator of the network device e1000e
Synthesis of the vulnerability
A privileged attacker, inside a guest system, can generate an endless loop in the QEMU emulator for the netword card 1000e, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, QEMU, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 31/05/2017.
Identifiers: 1452620, CVE-2017-9310, DSA-3920-1, FEDORA-2017-f941184db1, RHSA-2017:2392-01, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22869.
Description of the vulnerability
A privileged attacker, inside a guest system, can generate an endless loop in the QEMU emulator for the netword card 1000e, in order to trigger a denial of service on the host system.
A detailed analysis was not performed for this bulletin.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: buffer overflow via the Ethernet VLAN header
Synthesis of the vulnerability
An attacker can generate a buffer overflow sending Ethernet frames with a VLAN header to a guest system in QEMU, in order to trigger a denial of service against the host system, and possibly to run code.
Impacted products: Fedora, QEMU.
Severity: 1/4.
Creation date: 20/02/2017.
Identifiers: CVE-2017-6058, FEDORA-2017-31b976672b, VIGILANCE-VUL-21903.
Description of the vulnerability
An attacker can therefore generate a buffer overflow sending Ethernet frames with a VLAN header to a guest system in QEMU, in order to trigger a denial of service against the host system, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: file corruption via 9pfs
Synthesis of the vulnerability
A local attacker can create a symbolic link, in order to access files with the privileges of QEMU on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 17/01/2017.
Revision date: 17/02/2017.
Identifiers: 1035, CVE-2016-9602, DLA-1035-1, DLA-1497-1, DLA-965-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21595.
Description of the vulnerability
The QEMU product implements the filesystem from Plan 9 named "9pfs".
It may be used to share files between the host and process in the guest system in QEMU. However, when QEMU follows a symbolic link, it does not distinguish between filenames and directory names. This allows a guest process to open a non shared file on the host.
A local attacker can therefore create a symbolic link, in order to access files with the privileges of QEMU on the host system.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: memory leak via the audio driver es1370
Synthesis of the vulnerability
An attacker, inside a guest system, can create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/01/2017.
Identifiers: CVE-2017-5526, DLA-1497-1, FEDORA-2017-31b976672b, FEDORA-2017-62ac1230f7, FEDORA-2017-cdb53b04e0, FEDORA-2017-d4ee7018c1, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1312-1, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1241-1, SUSE-SU-2017:2751-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, USN-3261-1, VIGILANCE-VUL-21609.
Description of the vulnerability
The QEMU product can emulate the audio device es1370 .
However, some memory areas are are not freed at software unplugging time.
An attacker, inside a guest system, can therefore create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: memory leak via the audio driver ac97
Synthesis of the vulnerability
An attacker in tghe guest system can create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/01/2017.
Identifiers: CVE-2017-5525, DLA-1497-1, FEDORA-2017-31b976672b, FEDORA-2017-62ac1230f7, FEDORA-2017-cdb53b04e0, FEDORA-2017-d4ee7018c1, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1312-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1241-1, USN-3261-1, VIGILANCE-VUL-21607.
Description of the vulnerability
The QEMU product can emulate the audio device ac97.
However, some memory areas are are not freed at software unplugging time.
An attacker, inside a guest system, can therefore create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Complete Vigil@nce bulletin.... (Free trial) |
QEMU: buffer overflow via virtio-gpu-3d
Synthesis of the vulnerability
An attacker, inside a guest system, can generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/12/2016.
Identifiers: CVE-2016-10028, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1774-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21428.
Description of the vulnerability
The Qemu product manages commands exported to guest userspace process.
However, for the command VIRTIO_GPU_CMD_GET_CAPSET, QEMU accepts a nul buffer size for the command response data. In this cas, an overflow occurs.
An attacker, inside a guest system, can therefore generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about QEMU:
|