rpm package

almalinux/qemu-kvm

pkg:rpm/almalinux/qemu-kvm

Vulnerabilities (67)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-40284	—	< 15:6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1	15:6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1	Nov 6, 2022	A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to
CVE-2022-3165	—	< 17:7.2.0-14.el9_2	17:7.2.0-14.el9_2	Oct 17, 2022	An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-0485	—	< 15:6.2.0-11.module_el8.6.0+2880+7d9e3703	15:6.2.0-11.module_el8.6.0+2880+7d9e3703	Aug 29, 2022	A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the
CVE-2022-0358	—	< 15:4.2.0-59.module_el8.5.0+2629+68d2f392.2	15:4.2.0-59.module_el8.5.0+2629+68d2f392.2	Aug 29, 2022	A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory
CVE-2021-4158	—	< 15:6.2.0-11.module_el8.6.0+2880+7d9e3703	15:6.2.0-11.module_el8.6.0+2880+7d9e3703	Aug 24, 2022	A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3975	—	< 15:6.2.0-11.module_el8.6.0+2880+7d9e3703	15:6.2.0-11.module_el8.6.0+2880+7d9e3703	Aug 23, 2022	A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
CVE-2022-30789	—	< 15:6.2.0-32.module_el8.8.0+3553+bd08596b	15:6.2.0-32.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788	—	< 15:6.2.0-32.module_el8.8.0+3553+bd08596b	15:6.2.0-32.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786	—	< 15:6.2.0-32.module_el8.8.0+3553+bd08596b	15:6.2.0-32.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784	—	< 15:6.2.0-32.module_el8.8.0+3553+bd08596b	15:6.2.0-32.module_el8.8.0+3553+bd08596b	May 26, 2022	A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3611	—	< 17:7.0.0-13.el9	17:7.0.0-13.el9	May 11, 2022	A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability
CVE-2021-3750	—	< 17:7.0.0-13.el9	17:7.0.0-13.el9	May 2, 2022	A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790	—	< 15:6.2.0-32.module_el8.8.0+3553+bd08596b	15:6.2.0-32.module_el8.8.0+3553+bd08596b	May 2, 2022	ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206	—	< 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2	15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207	—	< 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2	15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2	Apr 29, 2022	A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2021-3748	—	< 15:6.2.0-11.module_el8.6.0+2880+7d9e3703	15:6.2.0-11.module_el8.6.0+2880+7d9e3703	Mar 23, 2022	A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2021-20257	—	< 15:4.2.0-59.module_el8.5.0+2608+72063365.1	15:4.2.0-59.module_el8.5.0+2608+72063365.1	Mar 16, 2022	An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
CVE-2022-26354	—	< 17:6.2.0-11.el9_0.3	17:6.2.0-11.el9_0.3	Mar 16, 2022	A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353	—	< 17:6.2.0-11.el9_0.3	17:6.2.0-11.el9_0.3	Mar 16, 2022	A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716	—	< 15:6.2.0-11.module_el8.6.0+2880+7d9e3703	15:6.2.0-11.module_el8.6.0+2880+7d9e3703	Mar 2, 2022	A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th

CVE-2022-40284Nov 6, 2022
affected < 15:6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1fixed 15:6.2.0-33.module_el8.8.0+3612+f18d2b89.alma.1
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to
CVE-2022-3165Oct 17, 2022
affected < 17:7.2.0-14.el9_2fixed 17:7.2.0-14.el9_2
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2022-0485Aug 29, 2022
affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the
CVE-2022-0358Aug 29, 2022
affected < 15:4.2.0-59.module_el8.5.0+2629+68d2f392.2fixed 15:4.2.0-59.module_el8.5.0+2629+68d2f392.2
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory
CVE-2021-4158Aug 24, 2022
affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVE-2021-3975Aug 23, 2022
affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the gues
CVE-2022-30789May 26, 2022
affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
CVE-2022-30788May 26, 2022
affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30786May 26, 2022
affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30784May 26, 2022
affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2021-3611May 11, 2022
affected < 17:7.0.0-13.el9fixed 17:7.0.0-13.el9
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability
CVE-2021-3750May 2, 2022
affected < 17:7.0.0-13.el9fixed 17:7.0.0-13.el9
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions
CVE-2021-46790May 2, 2022
affected < 15:6.2.0-32.module_el8.8.0+3553+bd08596bfixed 15:6.2.0-32.module_el8.8.0+3553+bd08596b
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE-2021-4206Apr 29, 2022
affected < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2fixed 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
CVE-2021-4207Apr 29, 2022
affected < 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2fixed 15:6.2.0-11.module_el8.6.0+3071+a07c0ea5.2
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
CVE-2021-3748Mar 23, 2022
affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
CVE-2021-20257Mar 16, 2022
affected < 15:4.2.0-59.module_el8.5.0+2608+72063365.1fixed 15:4.2.0-59.module_el8.5.0+2608+72063365.1
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
CVE-2022-26354Mar 16, 2022
affected < 17:6.2.0-11.el9_0.3fixed 17:6.2.0-11.el9_0.3
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2022-26353Mar 16, 2022
affected < 17:6.2.0-11.el9_0.3fixed 17:6.2.0-11.el9_0.3
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2021-3716Mar 2, 2022
affected < 15:6.2.0-11.module_el8.6.0+2880+7d9e3703fixed 15:6.2.0-11.module_el8.6.0+2880+7d9e3703
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th

Page 2 of 4