rpm package
suse/qemu&distro=SUSE Linux Enterprise Micro 5.1
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-26354 | — | < 5.2.0-150300.115.2 | 5.2.0-150300.115.2 | Mar 16, 2022 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | ||
| CVE-2021-3638 | — | < 5.2.0-150300.127.3 | 5.2.0-150300.127.3 | Mar 3, 2022 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this | ||
| CVE-2021-3930 | — | < 5.2.0-150300.112.4 | 5.2.0-150300.112.4 | Feb 18, 2022 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d | ||
| CVE-2021-3713 | — | < 5.2.0-106.4 | 5.2.0-106.4 | Aug 25, 2021 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. | ||
| CVE-2021-20196 | — | < 5.2.0-150300.109.2 | 5.2.0-150300.109.2 | May 26, 2021 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on | ||
| CVE-2021-3507 | — | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | May 6, 2021 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f |
- CVE-2022-26354Mar 16, 2022affected < 5.2.0-150300.115.2fixed 5.2.0-150300.115.2
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
- CVE-2021-3638Mar 3, 2022affected < 5.2.0-150300.127.3fixed 5.2.0-150300.127.3
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this
- CVE-2021-3930Feb 18, 2022affected < 5.2.0-150300.112.4fixed 5.2.0-150300.112.4
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
- CVE-2021-3713Aug 25, 2021affected < 5.2.0-106.4fixed 5.2.0-106.4
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.
- CVE-2021-20196May 26, 2021affected < 5.2.0-150300.109.2fixed 5.2.0-150300.109.2
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on
- CVE-2021-3507May 6, 2021affected < 5.2.0-150300.121.2fixed 5.2.0-150300.121.2
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f
Page 2 of 2