VYPR

rpm package

almalinux/seabios

pkg:rpm/almalinux/seabios

Vulnerabilities (85)

  • CVE-2022-30784May 26, 2022
    affected < 1.16.0-3.module_el8.7.0+3346+68867adbfixed 1.16.0-3.module_el8.7.0+3346+68867adb

    A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

  • CVE-2021-3750May 2, 2022
    affected < 1.16.0-4.module_el8.9.0+3659+9c8643f3fixed 1.16.0-4.module_el8.9.0+3659+9c8643f3

    A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions

  • CVE-2021-46790May 2, 2022
    affected < 1.16.0-3.module_el8.7.0+3346+68867adbfixed 1.16.0-3.module_el8.7.0+3346+68867adb

    ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

  • CVE-2021-4206Apr 29, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th

  • CVE-2021-4207Apr 29, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg

  • CVE-2021-20295Apr 1, 2022
    affected < 1.13.0-2.module_el8.5.0+2608+72063365fixed 1.13.0-2.module_el8.5.0+2608+72063365

    It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previou

  • CVE-2021-3748Mar 23, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash

  • CVE-2021-20257Mar 16, 2022
    affected < 1.13.0-2.module_el8.5.0+2608+72063365fixed 1.13.0-2.module_el8.5.0+2608+72063365

    An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re

  • CVE-2022-26354Mar 16, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.

  • CVE-2022-26353Mar 16, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.

  • CVE-2021-3716Mar 2, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading th

  • CVE-2021-3667Mar 2, 2022
    affected < 1.13.0-2.module_el8.5.0+2608+72063365fixed 1.13.0-2.module_el8.5.0+2608+72063365

    An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write soc

  • CVE-2021-3631Mar 2, 2022
    affected < 1.13.0-2.module_el8.5.0+2608+72063365fixed 1.13.0-2.module_el8.5.0+2608+72063365

    A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to

  • CVE-2021-3930Feb 18, 2022
    affected < 1.13.0-2.module_el8.5.0+2608+72063365fixed 1.13.0-2.module_el8.5.0+2608+72063365

    An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d

  • CVE-2021-4145Jan 25, 2022
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to cra

  • CVE-2021-3622Dec 23, 2021
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to s

  • CVE-2021-39263Sep 7, 2021
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

  • CVE-2021-39262Sep 7, 2021
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

  • CVE-2021-39261Sep 7, 2021
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.

  • CVE-2021-39260Sep 7, 2021
    affected < 1.15.0-2.module_el8.6.0+2880+7d9e3703fixed 1.15.0-2.module_el8.6.0+2880+7d9e3703

    A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.

Page 2 of 5