VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2016-9102MedDec 9, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.

  • CVE-2016-9101MedDec 9, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.

  • CVE-2016-8910MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.

  • CVE-2016-8909MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.

  • CVE-2016-8669MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.

  • CVE-2016-8668MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.

  • CVE-2016-8667MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

  • CVE-2016-8578MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.

  • CVE-2016-8577MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.

  • CVE-2016-8576MedNov 4, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

  • CVE-2016-7423MedOct 10, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest obj

  • CVE-2016-7909MedOct 5, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.

  • CVE-2016-7908MedOct 5, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in

  • CVE-2016-7907MedOct 5, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in

  • CVE-2016-7161CriOct 5, 2016
    affected < 6.1.0-32.1fixed 6.1.0-32.1

    Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

  • CVE-2016-6351MedSep 7, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU h

  • CVE-2016-5107MedSep 2, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.

  • CVE-2016-5106MedSep 2, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware In

  • CVE-2016-5105MedSep 2, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interfac

  • CVE-2016-4952MedSep 2, 2016
    affected < 2.6.1-1.5fixed 2.6.1-1.5

    QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING S

Page 9 of 12