rpm package

suse/qemu&distro=SUSE Linux Enterprise Server 12 SP3

pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3

Vulnerabilities (40)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-7550		—	< 2.9.1-6.12.1	2.9.1-6.12.1	Mar 1, 2018	The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2017-18043		—	< 2.9.1-6.12.1	2.9.1-6.12.1	Jan 31, 2018	Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
CVE-2018-5683		—	< 2.9.1-6.12.1	2.9.1-6.12.1	Jan 23, 2018	The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-15124		—	< 2.9.1-6.12.1	2.9.1-6.12.1	Jan 9, 2018	VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing mem
CVE-2017-5715		—	< 2.9.1-6.9.2	2.9.1-6.9.2	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-17381	Med	6.5	< 2.9.1-6.12.1	2.9.1-6.12.1	Dec 7, 2017	The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
CVE-2017-16845	Cri	10.0	< 2.9.1-6.12.1	2.9.1-6.12.1	Nov 17, 2017	hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2017-15289	Med	6.0	< 2.9.1-6.6.3	2.9.1-6.6.3	Oct 16, 2017	The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVE-2017-15268	Hig	7.5	< 2.9.1-6.6.3	2.9.1-6.6.3	Oct 12, 2017	Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-15038	Med	5.6	< 2.9.1-6.6.3	2.9.1-6.6.3	Oct 10, 2017	Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
CVE-2017-14167	Hig	8.8	< 2.9.1-6.6.3	2.9.1-6.6.3	Sep 8, 2017	Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
CVE-2017-13711	Hig	7.5	< 2.9.1-6.6.3	2.9.1-6.6.3	Sep 1, 2017	Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
CVE-2017-13672	Med	5.5	< 2.9.1-6.6.3	2.9.1-6.6.3	Sep 1, 2017	QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2017-13673	Med	6.5	< 2.9.1-6.28.1	2.9.1-6.28.1	Aug 29, 2017	The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
CVE-2017-12809	Med	6.5	< 2.9.1-6.6.3	2.9.1-6.6.3	Aug 23, 2017	QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
CVE-2017-11334	Med	4.4	< 2.9.0-6.3.1	2.9.0-6.3.1	Aug 2, 2017	The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2017-10806	Med	5.5	< 2.9.0-6.3.1	2.9.0-6.3.1	Aug 2, 2017	Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
CVE-2017-10664	Hig	7.5	< 2.9.0-6.3.1	2.9.0-6.3.1	Aug 2, 2017	qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2017-11434	Med	5.5	< 2.9.0-6.3.1	2.9.0-6.3.1	Jul 25, 2017	The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
CVE-2017-10911	Med	6.5	< 2.9.1-6.6.3	2.9.1-6.6.3	Jul 5, 2017	The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interfac

CVE-2018-7550Mar 1, 2018
affected < 2.9.1-6.12.1fixed 2.9.1-6.12.1
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVE-2017-18043Jan 31, 2018
affected < 2.9.1-6.12.1fixed 2.9.1-6.12.1
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
CVE-2018-5683Jan 23, 2018
affected < 2.9.1-6.12.1fixed 2.9.1-6.12.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-15124Jan 9, 2018
affected < 2.9.1-6.12.1fixed 2.9.1-6.12.1
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing mem
CVE-2017-5715Jan 4, 2018
affected < 2.9.1-6.9.2fixed 2.9.1-6.9.2
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2017-17381MedDec 7, 2017
affected < 2.9.1-6.12.1fixed 2.9.1-6.12.1
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
CVE-2017-16845CriNov 17, 2017
affected < 2.9.1-6.12.1fixed 2.9.1-6.12.1
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2017-15289MedOct 16, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVE-2017-15268HigOct 12, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-15038MedOct 10, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
CVE-2017-14167HigSep 8, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
CVE-2017-13711HigSep 1, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
CVE-2017-13672MedSep 1, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2017-13673MedAug 29, 2017
affected < 2.9.1-6.28.1fixed 2.9.1-6.28.1
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
CVE-2017-12809MedAug 23, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
CVE-2017-11334MedAug 2, 2017
affected < 2.9.0-6.3.1fixed 2.9.0-6.3.1
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2017-10806MedAug 2, 2017
affected < 2.9.0-6.3.1fixed 2.9.0-6.3.1
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
CVE-2017-10664HigAug 2, 2017
affected < 2.9.0-6.3.1fixed 2.9.0-6.3.1
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2017-11434MedJul 25, 2017
affected < 2.9.0-6.3.1fixed 2.9.0-6.3.1
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
CVE-2017-10911MedJul 5, 2017
affected < 2.9.1-6.6.3fixed 2.9.1-6.6.3
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interfac

Page 2 of 2