rpm package: opensuse/qemu (distro: openSUSE Leap Micro 5.4)
pkg:rpm/opensuse/qemu&distro=openSUSE%20Leap%20Micro%205.4
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3447 | Medium | 6.0 | — | < 6.2.0-150400.37.29.1 | 6.2.0-150400.37.29.1 | Nov 14, 2024 | A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on t |
| CVE-2024-3446 | High | 8.2 | — | < 6.2.0-150400.37.29.1 | 6.2.0-150400.37.29.1 | Apr 9, 2024 | A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU proce |
| CVE-2024-24474 | — | — | — | < 6.2.0-150400.37.29.1 | 6.2.0-150400.37.29.1 | Feb 20, 2024 | QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. |
| CVE-2023-6683 | — | — | — | < 6.2.0-150400.37.29.1 | 6.2.0-150400.37.29.1 | Jan 12, 2024 | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. |
| CVE-2023-2861 | — | — | — | < 6.2.0-150400.37.20.1 | 6.2.0-150400.37.20.1 | Dec 6, 2023 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the share |
| CVE-2023-3255 | — | — | — | < 6.2.0-150400.37.20.1 | 6.2.0-150400.37.20.1 | Sep 13, 2023 | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is |
| CVE-2023-3301 | — | — | — | < 6.2.0-150400.37.20.1 | 6.2.0-150400.37.20.1 | Sep 13, 2023 | A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. |
| CVE-2023-3019 | Medium | 6.0 | — | < 6.2.0-150400.37.29.1 | 6.2.0-150400.37.29.1 | Jul 24, 2023 | A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. |
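The "Affected versions" column is a comparison against the distro's package release string, not against the upstream QEMU version (CVE-2024-24474 says "before 8.2.0", yet the Leap Micro fix is a backport into 6.2.0-150400.37.29.1). Deciding whether a host is affected therefore means comparing RPM EVR strings with RPM's own ordering rules, not a plain string or float compare. The script below is an added example, not part of this page or of SUSE's tooling: it reimplements the segment ordering of RPM's `rpmvercmp` (numeric segments compare numerically, alpha segments lexically, `~` sorts before everything, `^` sorts after the base version), compares epoch, version and release the way `rpmverCmp` does, and reports which CVEs from the table above are still unfixed for a given installed EVR. The `FIXED_IN` table is copied from the page; the installed versions in the `__main__` block are constructed sample input.

```python
"""Check an installed openSUSE qemu EVR against the fixed-in versions above.

Added example, not part of the vulnerability page or of SUSE tooling.
FIXED_IN is copied from the page; sample installed versions are constructed.
"""

# Fixed-in EVRs for this package as listed on the page (no epoch prefix).
FIXED_IN = {
    "CVE-2024-3447": "6.2.0-150400.37.29.1",
    "CVE-2024-3446": "6.2.0-150400.37.29.1",
    "CVE-2024-24474": "6.2.0-150400.37.29.1",
    "CVE-2023-6683": "6.2.0-150400.37.29.1",
    "CVE-2023-2861": "6.2.0-150400.37.20.1",
    "CVE-2023-3255": "6.2.0-150400.37.20.1",
    "CVE-2023-3301": "6.2.0-150400.37.20.1",
    "CVE-2023-3019": "6.2.0-150400.37.29.1",
}


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 with the ordering of rpmvercmp() from lib/rpmvercmp.c (ASCII input)."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        # Tilde sorts before everything, including end of string (1.0~rc1 < 1.0).
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # Caret is like tilde, except that the string ending here is the
        # base version and sorts lower (1.0 < 1.0^git1 < 1.0.1).
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take the next all-digit or all-alpha segment from each side.
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        si, sj = i, j
        while i < la and pred(a[i]):
            i += 1
        while j < lb and pred(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:
            # Segment types differ: a numeric segment is always newer than alpha.
            return 1 if isnum else -1
        if isnum:
            # Drop leading zeros; the number with more digits wins.
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def parse_evr(evr: str):
    """Split 'epoch:version-release' into parts; epoch defaults to '0', release may be absent."""
    epoch, rest = "0", evr
    if ":" in evr:
        epoch, rest = evr.split(":", 1)
    if "-" in rest:
        version, release = rest.rsplit("-", 1)
    else:
        version, release = rest, None
    return epoch, version, release


def evr_cmp(x: str, y: str) -> int:
    """Compare like rpmverCmp(): epoch, then version, then release (only if both carry one)."""
    ex, vx, rx = parse_evr(x)
    ey, vy, ry = parse_evr(y)
    rc = rpmvercmp(ex, ey)
    if rc == 0:
        rc = rpmvercmp(vx, vy)
    if rc == 0 and rx is not None and ry is not None:
        rc = rpmvercmp(rx, ry)
    return rc


def unfixed_cves(installed_evr: str) -> list:
    """CVE IDs from FIXED_IN whose fixed-in EVR is newer than the installed one."""
    return [cve for cve, fixed in FIXED_IN.items() if evr_cmp(installed_evr, fixed) < 0]


if __name__ == "__main__":
    # Constructed samples; on a host feed it: rpm -q --qf '%{VERSION}-%{RELEASE}\n' qemu
    for sample in ("6.2.0-150400.37.8.3", "6.2.0-150400.37.20.1", "6.2.0-150400.37.29.1"):
        print(sample, "->", unfixed_cves(sample) or "no listed CVEs unfixed")
```

Two caveats when using this on a real host: `rpm -q --qf '%{EPOCH}:...'` prints `(none)` for an unset epoch, so strip that before calling `evr_cmp`, and a version comparison only tells you the package is below the fixed release; it cannot tell you whether the affected device model (SDHCI, virtio-gpu, esp, 9pfs, the VNC server) is actually enabled on the VMs you run.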