rpm package
opensuse/qemu&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5403 | Med | 5.5 | < 2.6.1-1.5 | 2.6.1-1.5 | Aug 2, 2016 | The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | |
| CVE-2016-5338 | Hig | 7.8 | < 2.6.1-1.5 | 2.6.1-1.5 | Jun 14, 2016 | The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | |
| CVE-2016-5337 | Med | 5.5 | < 2.6.1-1.5 | 2.6.1-1.5 | Jun 14, 2016 | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | |
| CVE-2016-5238 | Med | 4.4 | < 2.6.1-1.5 | 2.6.1-1.5 | Jun 14, 2016 | The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. | |
| CVE-2016-5126 | Hig | 7.8 | < 2.6.1-1.5 | 2.6.1-1.5 | Jun 1, 2016 | Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. | |
| CVE-2016-4454 | Med | 6.0 | < 2.6.1-1.5 | 2.6.1-1.5 | Jun 1, 2016 | The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b | |
| CVE-2016-4453 | Med | 4.4 | < 2.6.1-1.5 | 2.6.1-1.5 | Jun 1, 2016 | The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. | |
| CVE-2016-4020 | Med | 6.5 | < 2.6.1-1.5 | 2.6.1-1.5 | May 25, 2016 | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). | |
| CVE-2016-4441 | Med | 6.0 | < 2.6.1-1.5 | 2.6.1-1.5 | May 20, 2016 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin | |
| CVE-2016-4439 | Med | 6.7 | < 2.6.1-1.5 | 2.6.1-1.5 | May 20, 2016 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e | |
| CVE-2016-3712 | Med | 5.5 | < 2.6.1-1.5 | 2.6.1-1.5 | May 11, 2016 | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |
| CVE-2016-4002 | Cri | 9.8 | < 2.6.1-1.5 | 2.6.1-1.5 | Apr 26, 2016 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th | |
| CVE-2016-1714 | Hig | 8.1 | < 6.1.0-32.1 | 6.1.0-32.1 | Apr 7, 2016 | The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access | |
| CVE-2015-6855 | Hig | 7.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Nov 6, 2015 | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, | |
| CVE-2015-5225 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Nov 6, 2015 | Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related t | ||
| CVE-2015-3456 | — | < 2.6.1-1.5 | 2.6.1-1.5 | May 13, 2015 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o | ||
| CVE-2014-8106 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 8, 2014 | Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. | ||
| CVE-2014-0222 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Nov 4, 2014 | Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. | ||
| CVE-2014-0182 | — | < 2.6.1-1.5 | 2.6.1-1.5 | Nov 4, 2014 | Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image. | ||
| CVE-2013-6399 | — | < 2.6.1-1.5 | 2.6.1-1.5 | Nov 4, 2014 | Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. |
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-b
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
- affected < 2.6.1-1.5fixed 2.6.1-1.5
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
- affected < 6.1.0-32.1fixed 6.1.0-32.1
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access
- affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
- CVE-2015-5225Nov 6, 2015affected < 6.1.0-32.1fixed 6.1.0-32.1
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related t
- CVE-2015-3456May 13, 2015affected < 2.6.1-1.5fixed 2.6.1-1.5
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, o
- CVE-2014-8106Dec 8, 2014affected < 6.1.0-32.1fixed 6.1.0-32.1
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
- CVE-2014-0222Nov 4, 2014affected < 6.1.0-32.1fixed 6.1.0-32.1
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
- CVE-2014-0182Nov 4, 2014affected < 2.6.1-1.5fixed 2.6.1-1.5
Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.
- CVE-2013-6399Nov 4, 2014affected < 2.6.1-1.5fixed 2.6.1-1.5
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
Page 10 of 12