rpm package
opensuse/qemu&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10702 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 4, 2020 | A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signatur | ||
| CVE-2020-13800 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 4, 2020 | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | ||
| CVE-2020-13659 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 2, 2020 | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | ||
| CVE-2020-13362 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 28, 2020 | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | ||
| CVE-2020-13361 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 28, 2020 | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | ||
| CVE-2020-10717 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 4, 2020 | A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors | ||
| CVE-2020-11869 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Apr 27, 2020 | An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this | ||
| CVE-2020-1983 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Apr 22, 2020 | A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | ||
| CVE-2020-11102 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Apr 6, 2020 | hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. | ||
| CVE-2020-1711 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Feb 11, 2020 | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user | ||
| CVE-2013-4535 | — | < 2.6.1-1.5 | 2.6.1-1.5 | Feb 11, 2020 | The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | ||
| CVE-2014-0147 | — | < 2.6.1-1.5 | 2.6.1-1.5 | Feb 11, 2020 | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() r | ||
| CVE-2014-0144 | — | < 2.6.1-1.5 | 2.6.1-1.5 | Feb 11, 2020 | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host w | ||
| CVE-2020-8608 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | ||
| CVE-2020-7039 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jan 16, 2020 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. | ||
| CVE-2019-11135 | Med | 6.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Nov 14, 2019 | TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | |
| CVE-2018-12207 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Nov 14, 2019 | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | ||
| CVE-2019-15890 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Sep 6, 2019 | libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | ||
| CVE-2019-14378 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 29, 2019 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | ||
| CVE-2019-13164 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 3, 2019 | qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. |
- CVE-2020-10702Jun 4, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signatur
- CVE-2020-13800Jun 4, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
- CVE-2020-13659Jun 2, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
- CVE-2020-13362May 28, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
- CVE-2020-13361May 28, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
- CVE-2020-10717May 4, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors
- CVE-2020-11869Apr 27, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this
- CVE-2020-1983Apr 22, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
- CVE-2020-11102Apr 6, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
- CVE-2020-1711Feb 11, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user
- CVE-2013-4535Feb 11, 2020affected < 2.6.1-1.5fixed 2.6.1-1.5
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
- CVE-2014-0147Feb 11, 2020affected < 2.6.1-1.5fixed 2.6.1-1.5
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() r
- CVE-2014-0144Feb 11, 2020affected < 2.6.1-1.5fixed 2.6.1-1.5
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host w
- CVE-2020-8608Feb 6, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
- CVE-2020-7039Jan 16, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2018-12207Nov 14, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
- CVE-2019-15890Sep 6, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
- CVE-2019-14378Jul 29, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
- CVE-2019-13164Jul 3, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
Page 4 of 12