VYPR

rpm package

suse/qemu&distro=SUSE Linux Enterprise Desktop 12 SP2

pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2

Vulnerabilities (89)

  • CVE-2016-8668MedNov 4, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.

  • CVE-2016-8667MedNov 4, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

  • CVE-2016-8578MedNov 4, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.

  • CVE-2016-8577MedNov 4, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.

  • CVE-2016-8576MedNov 4, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

  • CVE-2016-7909MedOct 5, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.

  • CVE-2016-7908MedOct 5, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in

  • CVE-2016-7907MedOct 5, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors in

  • CVE-2016-7161CriOct 5, 2016
    affected < 2.6.2-31.2fixed 2.6.2-31.2

    Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

Page 5 of 5