rpm package
almalinux/qemu-kvm-tests
pkg:rpm/almalinux/qemu-kvm-tests
Vulnerabilities (53)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30784 | — | | | < 15:6.2.0-32.module_el8.8.0+3553+bd08596b | 15:6.2.0-32.module_el8.8.0+3553+bd08596b | May 26, 2022 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
| CVE-2021-3750 | — | | | < 15:6.2.0-40.module_el8.9.0+3681+41cbbcc0.1.alma.1 | 15:6.2.0-40.module_el8.9.0+3681+41cbbcc0.1.alma.1 | May 2, 2022 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions |
| CVE-2021-46790 | — | | | < 15:6.2.0-32.module_el8.8.0+3553+bd08596b | 15:6.2.0-32.module_el8.8.0+3553+bd08596b | May 2, 2022 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. |
| CVE-2021-4206 | — | | | < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th |
| CVE-2021-4207 | — | | | < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg |
| CVE-2021-3748 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Mar 23, 2022 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash |
| CVE-2022-26354 | — | | | < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | Mar 16, 2022 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. |
| CVE-2022-26353 | — | | | < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2 | Mar 16, 2022 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. |
| CVE-2021-3716 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Mar 2, 2022 | A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th |
| CVE-2021-4145 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Jan 25, 2022 | A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra |
| CVE-2021-3622 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Dec 23, 2021 | A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to s |
| CVE-2021-39263 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. |
| CVE-2021-39262 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. |
| CVE-2021-39261 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. |
| CVE-2021-39260 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. |
| CVE-2021-39259 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. |
| CVE-2021-39258 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22. |
| CVE-2021-39257 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. |
| CVE-2021-39256 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. |
| CVE-2021-39255 | — | | | < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | 15:6.2.0-11.module_el8.6.0+2880+7d9e3703 | Sep 7, 2021 | A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. |
Page 2 of 3