The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of QEMU

vulnerability bulletin CVE-2017-9524

QEMU: denial of service against the Network Block Device server

Synthesis of the vulnerability

An attacker can start NBD connections to QEMU, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/06/2017.
Identifiers: CVE-2017-9524, DSA-3920-1, DSA-3925-1, FEDORA-2017-b7f1197c23, openSUSE-SU-2017:2941-1, RHSA-2017:1681-01, SUSE-SU-2017:2936-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22953.

Description of the vulnerability

QEMU includes a "Network Block Device" server, which emulates a kind of remote raw disk.

However, when the NBD signalling is aborted at connection time, a data structure is left in an invalid state, which leads to the use of an invalid pointer and a fatal exception.

An attacker can therefore start NBD connections to QEMU, in order to trigger a denial of service.

vulnerability announce CVE-2017-9374

QEMU: memory leak via the EHCI emulation

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can create a memory leak via the EHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 07/06/2017.
Identifiers: CVE-2017-9374, DLA-1497-1, DSA-3920-1, FEDORA-2017-f941184db1, openSUSE-SU-2017:1872-1, RHSA-2017:2392-01, SUSE-SU-2017:1770-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2946-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22912.

Description of the vulnerability

A privileged attacker, inside a guest system, can create a memory leak via the EHCI emulation in QEMU, in order to trigger a denial of service on the host system.

vulnerability alert CVE-2017-9373

QEMU: memory leak via the AHCI emulation

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can create a memory leak via the AHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 06/06/2017.
Identifiers: CVE-2017-9373, DLA-1497-1, DSA-3920-1, openSUSE-SU-2017:1872-1, RHSA-2017:2392-01, SUSE-SU-2017:1774-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22901.

Description of the vulnerability

A privileged attacker, inside a guest system, can create a memory leak via the AHCI emulation in QEMU, in order to trigger a denial of service on the host system.

vulnerability CVE-2017-9330

QEMU: infinite loop via the USB OHCI emulation

Synthesis of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via the USB OHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 01/06/2017.
Identifiers: CVE-2017-9330, DLA-1497-1, DSA-3920-1, FEDORA-2017-b7f1197c23, FEDORA-2017-ed735463e3, FEDORA-2017-f941184db1, openSUSE-SU-2017:1826-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:1715-1, SUSE-SU-2017:1742-1, SUSE-SU-2017:1770-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22880.

Description of the vulnerability

An attacker, inside a guest system, can generate an infinite loop via the USB OHCI emulation in QEMU, in order to trigger a denial of service on the host system.

Technical details are unknown.

computer vulnerability note CVE-2017-9310

QEMU: infinite loop in the emulator of the network device e1000e

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can generate an endless loop in the QEMU emulator for the network card e1000e, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, QEMU, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 31/05/2017.
Identifiers: 1452620, CVE-2017-9310, DSA-3920-1, FEDORA-2017-f941184db1, RHSA-2017:2392-01, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22869.

Description of the vulnerability

A privileged attacker, inside a guest system, can generate an endless loop in the QEMU emulator for the network card e1000e, in order to trigger a denial of service on the host system.

A detailed analysis was not performed for this bulletin.

vulnerability bulletin CVE-2017-6058

QEMU: buffer overflow via the Ethernet VLAN header

Synthesis of the vulnerability

An attacker can generate a buffer overflow by sending Ethernet frames with a VLAN header to a guest system in QEMU, in order to trigger a denial of service against the host system, and possibly to run code.
Impacted products: Fedora, QEMU.
Severity: 1/4.
Creation date: 20/02/2017.
Identifiers: CVE-2017-6058, FEDORA-2017-31b976672b, VIGILANCE-VUL-21903.

Description of the vulnerability

An attacker can generate a buffer overflow by sending Ethernet frames with a VLAN header to a guest system in QEMU, in order to trigger a denial of service against the host system, and possibly to run code.

computer vulnerability CVE-2016-9602

QEMU: file corruption via 9pfs

Synthesis of the vulnerability

A local attacker can create a symbolic link, in order to access files with the privileges of QEMU on the host system.
Impacted products: Debian, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 17/01/2017.
Revision date: 17/02/2017.
Identifiers: 1035, CVE-2016-9602, DLA-1035-1, DLA-1497-1, DLA-965-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21595.

Description of the vulnerability

The QEMU product implements the filesystem from Plan 9 named "9pfs".

It may be used to share files between the host and processes in the guest system in QEMU. However, when QEMU follows a symbolic link, it does not distinguish between file names and directory names. This allows a guest process to open a non-shared file on the host.

A local attacker can therefore create a symbolic link, in order to access files with the privileges of QEMU on the host system.

computer vulnerability note CVE-2017-5526

QEMU: memory leak via the audio driver es1370

Synthesis of the vulnerability

An attacker, inside a guest system, can create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/01/2017.
Identifiers: CVE-2017-5526, DLA-1497-1, FEDORA-2017-31b976672b, FEDORA-2017-62ac1230f7, FEDORA-2017-cdb53b04e0, FEDORA-2017-d4ee7018c1, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1312-1, openSUSE-SU-2017:2821-1, openSUSE-SU-2017:2916-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1241-1, SUSE-SU-2017:2751-1, SUSE-SU-2017:2812-1, SUSE-SU-2017:2815-1, SUSE-SU-2017:2856-1, SUSE-SU-2017:2864-1, SUSE-SU-2017:2873-1, USN-3261-1, VIGILANCE-VUL-21609.

Description of the vulnerability

The QEMU product can emulate the audio device es1370.

However, some memory areas are not freed at software unplugging time.

An attacker, inside a guest system, can therefore create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.

computer vulnerability announce CVE-2017-5525

QEMU: memory leak via the audio driver ac97

Synthesis of the vulnerability

An attacker in the guest system can create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/01/2017.
Identifiers: CVE-2017-5525, DLA-1497-1, FEDORA-2017-31b976672b, FEDORA-2017-62ac1230f7, FEDORA-2017-cdb53b04e0, FEDORA-2017-d4ee7018c1, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1312-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1241-1, USN-3261-1, VIGILANCE-VUL-21607.

Description of the vulnerability

The QEMU product can emulate the audio device ac97.

However, some memory areas are not freed at software unplugging time.

An attacker, inside a guest system, can therefore create a memory leak in the ac97 audio device driver of QEMU, in order to trigger a denial of service against the host system.

computer vulnerability bulletin CVE-2016-10028

QEMU: buffer overflow via virtio-gpu-3d

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.
Impacted products: Fedora, openSUSE Leap, QEMU, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/12/2016.
Identifiers: CVE-2016-10028, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1872-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:1774-1, USN-3261-1, USN-3268-1, VIGILANCE-VUL-21428.

Description of the vulnerability

The QEMU product handles commands exported to guest userspace processes.

However, for the command VIRTIO_GPU_CMD_GET_CAPSET, QEMU accepts a zero buffer size for the command response data. In this case, an overflow occurs.

An attacker, inside a guest system, can therefore generate a buffer overflow via virtio-gpu-3d of QEMU, in order to trigger a denial of service against the host system.