rpm package
opensuse/qemu&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9824 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 3, 2019 | tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. | ||
| CVE-2018-20815 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 31, 2019 | In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | ||
| CVE-2018-12130 | Med | 5.9 | < 6.1.0-32.1 | 6.1.0-32.1 | May 30, 2019 | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h | |
| CVE-2018-12126 | Med | 5.6 | < 6.1.0-32.1 | 6.1.0-32.1 | May 30, 2019 | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found | |
| CVE-2019-12155 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 24, 2019 | interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | ||
| CVE-2019-8934 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Mar 17, 2019 | hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | ||
| CVE-2019-6778 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Mar 17, 2019 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | ||
| CVE-2018-20191 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 20, 2018 | hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | ||
| CVE-2018-20124 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 20, 2018 | hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | ||
| CVE-2018-20216 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 20, 2018 | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | ||
| CVE-2018-20126 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 20, 2018 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | ||
| CVE-2018-20125 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 20, 2018 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | ||
| CVE-2018-20123 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 17, 2018 | pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. | ||
| CVE-2018-16872 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 13, 2018 | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb | ||
| CVE-2018-10839 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Oct 16, 2018 | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting | ||
| CVE-2018-17963 | Cri | 9.8 | < 6.1.0-32.1 | 6.1.0-32.1 | Oct 9, 2018 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |
| CVE-2018-15746 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 29, 2018 | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | |
| CVE-2017-15118 | Hig | 8.3 | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 27, 2018 | A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If | |
| CVE-2017-2620 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 27, 2018 | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro | |
| CVE-2017-2630 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 27, 2018 | A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a rem |
- CVE-2019-9824Jun 3, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
- CVE-2018-20815May 31, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found
- CVE-2019-12155May 24, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
- CVE-2019-8934Mar 17, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
- CVE-2019-6778Mar 17, 2019affected < 6.1.0-32.1fixed 6.1.0-32.1
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
- CVE-2018-20191Dec 20, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
- CVE-2018-20124Dec 20, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.
- CVE-2018-20216Dec 20, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
- CVE-2018-20126Dec 20, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
- CVE-2018-20125Dec 20, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.
- CVE-2018-20123Dec 17, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
- CVE-2018-16872Dec 13, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb
- CVE-2018-10839Oct 16, 2018affected < 6.1.0-32.1fixed 6.1.0-32.1
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting
- affected < 6.1.0-32.1fixed 6.1.0-32.1
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
- affected < 6.1.0-32.1fixed 6.1.0-32.1
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a rem
Page 5 of 12