rpm package

suse/qemu&distro=SUSE Linux Enterprise Desktop 12

pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Vulnerabilities (50)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2538	Hig	7.1	< 2.0.2-48.19.1	2.0.2-48.19.1	Jun 16, 2016	Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is
CVE-2016-4020	Med	6.5	< 2.0.2-48.19.1	2.0.2-48.19.1	May 25, 2016	The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2016-4037	Med	6.0	< 2.0.2-48.19.1	2.0.2-48.19.1	May 23, 2016	The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
CVE-2016-4001	Hig	8.6	< 2.0.2-48.19.1	2.0.2-48.19.1	May 23, 2016	Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2015-8558	Med	5.5	< 2.0.2-48.19.1	2.0.2-48.19.1	May 23, 2016	The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441	Med	6.0	< 2.0.2-48.19.1	2.0.2-48.19.1	May 20, 2016	The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
CVE-2016-4439	Med	6.7	< 2.0.2-48.19.1	2.0.2-48.19.1	May 20, 2016	The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
CVE-2016-3712	Med	5.5	< 2.0.2-48.19.1	2.0.2-48.19.1	May 11, 2016	Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710	Hig	8.8	< 2.0.2-48.19.1	2.0.2-48.19.1	May 11, 2016	The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4002	Cri	9.8	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 26, 2016	Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
CVE-2016-2857	Hig	8.4	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 12, 2016	The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1568	Hig	8.8	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 12, 2016	Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
CVE-2016-2858	Med	6.5	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 7, 2016	QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CVE-2016-1714	Hig	8.1	< 2.0.2-48.19.1	2.0.2-48.19.1	Apr 7, 2016	The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access
CVE-2015-1779	Hig	8.6	< 2.0.2-46.1	2.0.2-46.1	Jan 12, 2016	The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7512	Cri	9.0	< 2.0.2-48.12.1	2.0.2-48.12.1	Jan 8, 2016	Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-7295		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Nov 9, 2015	hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap in
CVE-2015-6855	Hig	7.5	< 2.0.2-48.9.1	2.0.2-48.9.1	Nov 6, 2015	hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
CVE-2015-5279		—	< 2.0.2-48.9.1	2.0.2-48.9.1	Sep 28, 2015	Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-3214		—	< 2.0.2-48.19.1	2.0.2-48.19.1	Aug 31, 2015	The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

CVE-2016-2538HigJun 16, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is
CVE-2016-4020MedMay 25, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2016-4037MedMay 23, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
CVE-2016-4001HigMay 23, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
CVE-2015-8558MedMay 23, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441MedMay 20, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involvin
CVE-2016-4439MedMay 20, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially e
CVE-2016-3712MedMay 11, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710HigMay 11, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-4002CriApr 26, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger th
CVE-2016-2857HigApr 12, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1568HigApr 12, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
CVE-2016-2858MedApr 7, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CVE-2016-1714HigApr 7, 2016
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access
CVE-2015-1779HigJan 12, 2016
affected < 2.0.2-46.1fixed 2.0.2-46.1
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7512CriJan 8, 2016
affected < 2.0.2-48.12.1fixed 2.0.2-48.12.1
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-7295Nov 9, 2015
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap in
CVE-2015-6855HigNov 6, 2015
affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive,
CVE-2015-5279Sep 28, 2015
affected < 2.0.2-48.9.1fixed 2.0.2-48.9.1
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-3214Aug 31, 2015
affected < 2.0.2-48.19.1fixed 2.0.2-48.19.1
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Page 2 of 3