VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2017-10664HigAug 2, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.

  • CVE-2017-11434MedJul 25, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.

  • CVE-2017-9524HigJul 6, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talkin

  • CVE-2017-9503MedJun 16, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.

  • CVE-2017-8379MedMay 23, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.

  • CVE-2017-8309HigMay 23, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.

  • CVE-2017-7493HigMay 17, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to esca

  • CVE-2017-8112MedMay 2, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

  • CVE-2015-8619HigApr 13, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

  • CVE-2015-8504MedApr 11, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

  • CVE-2017-5973MedMar 27, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

  • CVE-2017-6058HigMar 20, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN s

  • CVE-2017-5857MedMar 16, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching t

  • CVE-2017-5856MedMar 16, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over

  • CVE-2017-5667MedMar 16, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer

  • CVE-2017-5898MedMar 15, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units

  • CVE-2017-5579MedMar 15, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

  • CVE-2017-5578MedMar 15, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

  • CVE-2017-5552MedMar 15, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

  • CVE-2017-5526MedMar 15, 2017
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

Page 7 of 12