rpm package
opensuse/qemu&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%2015.3
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3544 | — | < 5.2.0-20.1 | 5.2.0-20.1 | Jun 2, 2021 | Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effectiv | ||
| CVE-2020-35503 | — | < 4.2.1-11.28.1 | 4.2.1-11.28.1 | Jun 2, 2021 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us | ||
| CVE-2020-35506 | — | < 4.2.1-11.28.1 | 4.2.1-11.28.1 | May 28, 2021 | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting | ||
| CVE-2020-35505 | — | < 4.2.1-11.28.1 | 4.2.1-11.28.1 | May 28, 2021 | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti | ||
| CVE-2020-35504 | — | < 4.2.1-11.28.1 | 4.2.1-11.28.1 | May 28, 2021 | A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai | ||
| CVE-2021-20196 | — | < 5.2.0-150300.109.2 | 5.2.0-150300.109.2 | May 26, 2021 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on | ||
| CVE-2021-3527 | — | < 4.2.1-11.28.1 | 4.2.1-11.28.1 | May 26, 2021 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array | ||
| CVE-2021-3507 | — | < 3.1.1.1-150100.80.43.2 | 3.1.1.1-150100.80.43.2 | May 6, 2021 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f | ||
| CVE-2021-3409 | — | < 4.2.1-150200.69.1 | 4.2.1-150200.69.1 | Mar 23, 2021 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t | ||
| CVE-2021-3416 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles | ||
| CVE-2021-20255 | — | < 4.2.1-11.28.1 | 4.2.1-11.28.1 | Mar 9, 2021 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p | ||
| CVE-2021-20263 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Mar 9, 2021 | A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstance | ||
| CVE-2020-17380 | — | < 3.1.1.1-150100.80.43.2 | 3.1.1.1-150100.80.43.2 | Jan 30, 2021 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the | ||
| CVE-2020-27821 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Dec 8, 2020 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the | ||
| CVE-2020-25723 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Dec 2, 2020 | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the | ||
| CVE-2020-29129 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Nov 26, 2020 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-29130 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Nov 26, 2020 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-25085 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Sep 25, 2020 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | ||
| CVE-2020-14364 | — | < 5.2.0-17.1 | 5.2.0-17.1 | Aug 31, 2020 | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw all | ||
| CVE-2020-13253 | — | < 4.2.1-11.34.2 | 4.2.1-11.34.2 | May 27, 2020 | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. |
- CVE-2021-3544Jun 2, 2021affected < 5.2.0-20.1fixed 5.2.0-20.1
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effectiv
- CVE-2020-35503Jun 2, 2021affected < 4.2.1-11.28.1fixed 4.2.1-11.28.1
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us
- CVE-2020-35506May 28, 2021affected < 4.2.1-11.28.1fixed 4.2.1-11.28.1
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting
- CVE-2020-35505May 28, 2021affected < 4.2.1-11.28.1fixed 4.2.1-11.28.1
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti
- CVE-2020-35504May 28, 2021affected < 4.2.1-11.28.1fixed 4.2.1-11.28.1
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai
- CVE-2021-20196May 26, 2021affected < 5.2.0-150300.109.2fixed 5.2.0-150300.109.2
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on
- CVE-2021-3527May 26, 2021affected < 4.2.1-11.28.1fixed 4.2.1-11.28.1
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array
- CVE-2021-3507May 6, 2021affected < 3.1.1.1-150100.80.43.2fixed 3.1.1.1-150100.80.43.2
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f
- CVE-2021-3409Mar 23, 2021affected < 4.2.1-150200.69.1fixed 4.2.1-150200.69.1
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t
- CVE-2021-3416Mar 18, 2021affected < 5.2.0-17.1fixed 5.2.0-17.1
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
- CVE-2021-20255Mar 9, 2021affected < 4.2.1-11.28.1fixed 4.2.1-11.28.1
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
- CVE-2021-20263Mar 9, 2021affected < 5.2.0-17.1fixed 5.2.0-17.1
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstance
- CVE-2020-17380Jan 30, 2021affected < 3.1.1.1-150100.80.43.2fixed 3.1.1.1-150100.80.43.2
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the
- CVE-2020-27821Dec 8, 2020affected < 5.2.0-17.1fixed 5.2.0-17.1
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the
- CVE-2020-25723Dec 2, 2020affected < 5.2.0-17.1fixed 5.2.0-17.1
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the
- CVE-2020-29129Nov 26, 2020affected < 5.2.0-17.1fixed 5.2.0-17.1
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- CVE-2020-29130Nov 26, 2020affected < 5.2.0-17.1fixed 5.2.0-17.1
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- CVE-2020-25085Sep 25, 2020affected < 5.2.0-17.1fixed 5.2.0-17.1
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
- CVE-2020-14364Aug 31, 2020affected < 5.2.0-17.1fixed 5.2.0-17.1
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw all
- CVE-2020-13253May 27, 2020affected < 4.2.1-11.34.2fixed 4.2.1-11.34.2
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
Page 2 of 3