rpm package
almalinux/libguestfs-winsupport
pkg:rpm/almalinux/libguestfs-winsupport
Vulnerabilities (85)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3592 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2020-14301 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | May 27, 2021 | An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configurat | ||
| CVE-2021-20196 | — | < 8.6-1.module_el8.6.0+2880+7d9e3703 | 8.6-1.module_el8.6.0+2880+7d9e3703 | May 26, 2021 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on | ||
| CVE-2021-20221 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | May 13, 2021 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide | ||
| CVE-2021-3504 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | May 11, 2021 | A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or | ||
| CVE-2021-3416 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles | ||
| CVE-2020-35517 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Jan 28, 2021 | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. | ||
| CVE-2020-29443 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Jan 22, 2021 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | ||
| CVE-2020-11947 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Dec 31, 2020 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | ||
| CVE-2020-27821 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Dec 8, 2020 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the | ||
| CVE-2020-28916 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Dec 4, 2020 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | ||
| CVE-2020-14339 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Dec 3, 2020 | A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope | ||
| CVE-2020-25723 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Dec 2, 2020 | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the | ||
| CVE-2020-29129 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Nov 26, 2020 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-29130 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Nov 26, 2020 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-27617 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Nov 6, 2020 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | ||
| CVE-2020-25637 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Oct 6, 2020 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w | ||
| CVE-2020-16092 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Aug 11, 2020 | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition | ||
| CVE-2020-15859 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Jul 21, 2020 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | ||
| CVE-2020-10756 | — | < 8.2-1.module_el8.5.0+2608+72063365 | 8.2-1.module_el8.5.0+2608+72063365 | Jul 9, 2020 | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of |
- CVE-2021-3592Jun 15, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2020-14301May 27, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configurat
- CVE-2021-20196May 26, 2021affected < 8.6-1.module_el8.6.0+2880+7d9e3703fixed 8.6-1.module_el8.6.0+2880+7d9e3703
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on
- CVE-2021-20221May 13, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide
- CVE-2021-3504May 11, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or
- CVE-2021-3416Mar 18, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
- CVE-2020-35517Jan 28, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
- CVE-2020-29443Jan 22, 2021affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
- CVE-2020-11947Dec 31, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
- CVE-2020-27821Dec 8, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the
- CVE-2020-28916Dec 4, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
- CVE-2020-14339Dec 3, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform ope
- CVE-2020-25723Dec 2, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the
- CVE-2020-29129Nov 26, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- CVE-2020-29130Nov 26, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- CVE-2020-27617Nov 6, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
- CVE-2020-25637Oct 6, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-w
- CVE-2020-16092Aug 11, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition
- CVE-2020-15859Jul 21, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
- CVE-2020-10756Jul 9, 2020affected < 8.2-1.module_el8.5.0+2608+72063365fixed 8.2-1.module_el8.5.0+2608+72063365
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of
Page 4 of 5