rpm package
suse/qemu&distro=SUSE Linux Enterprise Micro 5.5
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3019 | Med | 6.0 | < 7.1.0-150500.49.15.1 | 7.1.0-150500.49.15.1 | Jul 24, 2023 | A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. | |
| CVE-2023-3354 | — | < 7.1.0-150500.49.9.2 | 7.1.0-150500.49.9.2 | Jul 11, 2023 | A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph | ||
| CVE-2023-1544 | — | < 7.1.0-150500.49.12.1 | 7.1.0-150500.49.12.1 | Mar 23, 2023 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds re | ||
| CVE-2023-0330 | — | < 7.1.0-150500.49.6.1 | 7.1.0-150500.49.6.1 | Mar 6, 2023 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | ||
| CVE-2021-3638 | — | < 7.1.0-150500.49.9.2 | 7.1.0-150500.49.9.2 | Mar 3, 2022 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this |
- affected < 7.1.0-150500.49.15.1fixed 7.1.0-150500.49.15.1
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
- CVE-2023-3354Jul 11, 2023affected < 7.1.0-150500.49.9.2fixed 7.1.0-150500.49.9.2
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph
- CVE-2023-1544Mar 23, 2023affected < 7.1.0-150500.49.12.1fixed 7.1.0-150500.49.12.1
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds re
- CVE-2023-0330Mar 6, 2023affected < 7.1.0-150500.49.6.1fixed 7.1.0-150500.49.6.1
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
- CVE-2021-3638Mar 3, 2022affected < 7.1.0-150500.49.9.2fixed 7.1.0-150500.49.9.2
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this
Page 2 of 2