VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2019-9824Jun 3, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.

  • CVE-2018-20815May 31, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.

  • CVE-2018-12130MedMay 30, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h

  • CVE-2018-12126MedMay 30, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found

  • CVE-2019-12155May 24, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.

  • CVE-2019-8934Mar 17, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

  • CVE-2019-6778Mar 17, 2019
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

  • CVE-2018-20191Dec 20, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).

  • CVE-2018-20124Dec 20, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.

  • CVE-2018-20216Dec 20, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).

  • CVE-2018-20126Dec 20, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

  • CVE-2018-20125Dec 20, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.

  • CVE-2018-20123Dec 17, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.

  • CVE-2018-16872Dec 13, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb

  • CVE-2018-10839Oct 16, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting

  • CVE-2018-17963CriOct 9, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2018-15746MedAug 29, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

  • CVE-2017-15118HigJul 27, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If

  • CVE-2017-2620MedJul 27, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro

  • CVE-2017-2630MedJul 27, 2018
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a rem

Page 5 of 12