rpm package
opensuse/qemu-linux-user&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Tumbleweed
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4964 | Med | 6.0 | | < 2.6.1-1.5 | 2.6.1-1.5 | Dec 10, 2016 | The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state. |
| CVE-2016-4952 | Med | 6.0 | | < 2.6.1-1.5 | 2.6.1-1.5 | Sep 2, 2016 | QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING S |
| CVE-2016-4020 | Med | 6.5 | | < 2.6.1-1.5 | 2.6.1-1.5 | May 25, 2016 | The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). |
| CVE-2016-4441 | Med | 6.0 | | < 2.6.1-1.5 | 2.6.1-1.5 | May 20, 2016 | The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin |
| CVE-2016-4439 | Med | 6.7 | | < 2.6.1-1.5 | 2.6.1-1.5 | May 20, 2016 | The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e |
| CVE-2016-3712 | Med | 5.5 | | < 2.6.1-1.5 | 2.6.1-1.5 | May 11, 2016 | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. |
| CVE-2016-4002 | Cri | 9.8 | | < 2.6.1-1.5 | 2.6.1-1.5 | Apr 26, 2016 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th |
| CVE-2012-3515 | — | | | < 2.6.1-1.5 | 2.6.1-1.5 | Nov 23, 2012 | Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." |
| CVE-2008-4539 | — | | | < 2.6.1-1.5 | 2.6.1-1.5 | Dec 29, 2008 | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists |
| CVE-2008-2382 | — | | | < 2.6.1-1.5 | 2.6.1-1.5 | Dec 24, 2008 | The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. |
| CVE-2008-1945 | — | | | < 2.6.1-1.5 | 2.6.1-1.5 | Aug 8, 2008 | QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-20 |
| CVE-2008-0928 | — | | | < 2.6.1-1.5 | 2.6.1-1.5 | Mar 3, 2008 | Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. |