VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2020-10702Jun 4, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signatur

  • CVE-2020-13800Jun 4, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

  • CVE-2020-13659Jun 2, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.

  • CVE-2020-13362May 28, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

  • CVE-2020-13361May 28, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

  • CVE-2020-10717May 4, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors

  • CVE-2020-11869Apr 27, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this

  • CVE-2020-1983Apr 22, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

  • CVE-2020-11102Apr 6, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.

  • CVE-2020-1711Feb 11, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user

  • CVE-2013-4535Feb 11, 2020
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

  • CVE-2014-0147Feb 11, 2020
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() r

  • CVE-2014-0144Feb 11, 2020
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host w

  • CVE-2020-8608Feb 6, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

  • CVE-2020-7039Jan 16, 2020
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

  • CVE-2019-11135MedNov 14, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

  • CVE-2018-12207Nov 14, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.

  • CVE-2019-15890Sep 6, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.

  • CVE-2019-14378Jul 29, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.

  • CVE-2019-13164Jul 3, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.

Page 4 of 12