rpm package

suse/qemu&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (85)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-1981	Med	5.5	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated des
CVE-2016-1922	Med	5.5	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer de
CVE-2015-8818	Med	5.5	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
CVE-2015-8817	Med	5.5	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest c
CVE-2015-8745	Med	5.5	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulti
CVE-2015-8744	Med	5.5	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance
CVE-2015-8743	Hig	7.1	< 2.3.1-14.1	2.3.1-14.1	Dec 29, 2016	QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
CVE-2016-9921	Med	6.5	< 2.3.1-32.11	2.3.1-32.11	Dec 23, 2016	Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-9911	Med	6.5	< 2.3.1-32.11	2.3.1-32.11	Dec 23, 2016	Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9907	Med	6.5	< 2.3.1-32.11	2.3.1-32.11	Dec 23, 2016	Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a hos
CVE-2016-7466	Med	6.0	< 2.3.1-24.6	2.3.1-24.6	Dec 10, 2016	Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
CVE-2016-7421	Med	4.4	< 2.3.1-24.6	2.3.1-24.6	Dec 10, 2016	The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
CVE-2016-7170	Med	4.4	< 2.3.1-24.6	2.3.1-24.6	Dec 10, 2016	The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing
CVE-2016-7156	Med	4.4	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
CVE-2016-7155	Med	4.4	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
CVE-2016-7116	Med	6.0	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
CVE-2016-6888	Med	4.4	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL poi
CVE-2016-6836	Med	6.0	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6833	Med	4.4	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-6490	Med	4.4	< 2.3.1-21.1	2.3.1-21.1	Dec 10, 2016	The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.

CVE-2016-1981MedDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated des
CVE-2016-1922MedDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer de
CVE-2015-8818MedDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
CVE-2015-8817MedDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest c
CVE-2015-8745MedDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulti
CVE-2015-8744MedDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance
CVE-2015-8743HigDec 29, 2016
affected < 2.3.1-14.1fixed 2.3.1-14.1
QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.
CVE-2016-9921MedDec 23, 2016
affected < 2.3.1-32.11fixed 2.3.1-32.11
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst
CVE-2016-9911MedDec 23, 2016
affected < 2.3.1-32.11fixed 2.3.1-32.11
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9907MedDec 23, 2016
affected < 2.3.1-32.11fixed 2.3.1-32.11
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a hos
CVE-2016-7466MedDec 10, 2016
affected < 2.3.1-24.6fixed 2.3.1-24.6
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
CVE-2016-7421MedDec 10, 2016
affected < 2.3.1-24.6fixed 2.3.1-24.6
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
CVE-2016-7170MedDec 10, 2016
affected < 2.3.1-24.6fixed 2.3.1-24.6
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing
CVE-2016-7156MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
CVE-2016-7155MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
CVE-2016-7116MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
CVE-2016-6888MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL poi
CVE-2016-6836MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6833MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-6490MedDec 10, 2016
affected < 2.3.1-21.1fixed 2.3.1-21.1
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.

Page 2 of 5