rpm package
opensuse/qemu-testsuite&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/qemu-testsuite&distro=openSUSE%20Leap%2015.3
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0358 | — | < 5.2.0-150300.112.7 | 5.2.0-150300.112.7 | Aug 29, 2022 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory | ||
| CVE-2022-0216 | — | < 5.2.0-150300.118.5 | 5.2.0-150300.118.5 | Aug 26, 2022 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest | ||
| CVE-2022-35414 | — | < 5.2.0-150300.118.5 | 5.2.0-150300.118.5 | Jul 11, 2022 | softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-v | ||
| CVE-2021-4206 | — | < 5.2.0-150300.115.4 | 5.2.0-150300.115.4 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th | ||
| CVE-2021-4207 | — | < 5.2.0-150300.115.4 | 5.2.0-150300.115.4 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg | ||
| CVE-2021-3748 | — | < 5.2.0-106.3 | 5.2.0-106.3 | Mar 23, 2022 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash | ||
| CVE-2022-26354 | — | < 5.2.0-150300.115.4 | 5.2.0-150300.115.4 | Mar 16, 2022 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | ||
| CVE-2021-3930 | — | < 5.2.0-150300.112.7 | 5.2.0-150300.112.7 | Feb 18, 2022 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d | ||
| CVE-2021-3713 | — | < 5.2.0-106.3 | 5.2.0-106.3 | Aug 25, 2021 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. | ||
| CVE-2021-20196 | — | < 5.2.0-150300.109.4 | 5.2.0-150300.109.4 | May 26, 2021 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on |
- CVE-2022-0358Aug 29, 2022affected < 5.2.0-150300.112.7fixed 5.2.0-150300.112.7
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory
- CVE-2022-0216Aug 26, 2022affected < 5.2.0-150300.118.5fixed 5.2.0-150300.118.5
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest
- CVE-2022-35414Jul 11, 2022affected < 5.2.0-150300.118.5fixed 5.2.0-150300.118.5
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-v
- CVE-2021-4206Apr 29, 2022affected < 5.2.0-150300.115.4fixed 5.2.0-150300.115.4
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
- CVE-2021-4207Apr 29, 2022affected < 5.2.0-150300.115.4fixed 5.2.0-150300.115.4
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
- CVE-2021-3748Mar 23, 2022affected < 5.2.0-106.3fixed 5.2.0-106.3
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash
- CVE-2022-26354Mar 16, 2022affected < 5.2.0-150300.115.4fixed 5.2.0-150300.115.4
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
- CVE-2021-3930Feb 18, 2022affected < 5.2.0-150300.112.7fixed 5.2.0-150300.112.7
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
- CVE-2021-3713Aug 25, 2021affected < 5.2.0-106.3fixed 5.2.0-106.3
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.
- CVE-2021-20196May 26, 2021affected < 5.2.0-150300.109.4fixed 5.2.0-150300.109.4
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on