VYPR

rpm package

almalinux/qemu-kvm-ui-opengl

pkg:rpm/almalinux/qemu-kvm-ui-opengl

Vulnerabilities (69)

  • CVE-2023-3019MedJul 24, 2023
    affected < 17:8.2.0-11.el9_4fixed 17:8.2.0-11.el9_4

    A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

  • CVE-2023-3354Jul 11, 2023
    affected < 17:7.2.0-14.el9_2.5.alma.1fixed 17:7.2.0-14.el9_2.5.alma.1

    A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph

  • CVE-2023-2700May 15, 2023
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.

  • CVE-2023-1018Feb 28, 2023
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

  • CVE-2022-4172Nov 29, 2022
    affected < 17:7.2.0-14.el9_2fixed 17:7.2.0-14.el9_2

    An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory devic

  • CVE-2022-4144Nov 29, 2022
    affected < 15:6.2.0-21.module_el8.7.0+3387+571b583b.2fixed 15:6.2.0-21.module_el8.7.0+3387+571b583b.2

    An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious gue

  • CVE-2022-40284Nov 6, 2022
    affected < 15:6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1fixed 15:6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1

    A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to

  • CVE-2022-3165Oct 17, 2022
    affected < 17:7.2.0-14.el9_2fixed 17:7.2.0-14.el9_2

    An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.

  • CVE-2022-0485Aug 29, 2022
    affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703

    A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the

  • CVE-2021-4158Aug 24, 2022
    affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703

    A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

  • CVE-2021-3975Aug 23, 2022
    affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703

    A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues

  • CVE-2022-30789May 26, 2022
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

  • CVE-2022-30788May 26, 2022
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

  • CVE-2022-30786May 26, 2022
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

  • CVE-2022-30784May 26, 2022
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

  • CVE-2021-3611May 11, 2022
    affected < 17:7.0.0-13.el9fixed 17:7.0.0-13.el9

    A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability

  • CVE-2021-3750May 2, 2022
    affected < 17:7.0.0-13.el9fixed 17:7.0.0-13.el9

    A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions

  • CVE-2021-46790May 2, 2022
    affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b

    ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

  • CVE-2021-4206Apr 29, 2022
    affected < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2fixed 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2

    A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th

  • CVE-2021-4207Apr 29, 2022
    affected < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2fixed 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2

    A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg