rpm package
suse/qemu&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (75)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3608 | — | < 3.1.1.1-54.1 | 3.1.1.1-54.1 | Feb 24, 2022 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitiali | ||
| CVE-2021-3607 | — | < 3.1.1.1-54.1 | 3.1.1.1-54.1 | Feb 24, 2022 | An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make | ||
| CVE-2021-3930 | — | < 3.1.1.1-63.4 | 3.1.1.1-63.4 | Feb 18, 2022 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d | ||
| CVE-2021-3713 | — | < 3.1.1.1-60.2 | 3.1.1.1-60.2 | Aug 25, 2021 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. | ||
| CVE-2021-3682 | — | < 3.1.1.1-57.2 | 3.1.1.1-57.2 | Aug 5, 2021 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit | ||
| CVE-2021-3595 | — | < 3.1.1.1-54.1 | 3.1.1.1-54.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3594 | — | < 3.1.1.1-54.1 | 3.1.1.1-54.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | ||
| CVE-2021-3593 | — | < 3.1.1.1-54.1 | 3.1.1.1-54.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3592 | — | < 3.1.1.1-54.1 | 3.1.1.1-54.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2020-35503 | — | < 3.1.1.1-57.2 | 3.1.1.1-57.2 | Jun 2, 2021 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us | ||
| CVE-2020-35506 | — | < 3.1.1.1-57.2 | 3.1.1.1-57.2 | May 28, 2021 | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting | ||
| CVE-2020-35505 | — | < 3.1.1.1-57.2 | 3.1.1.1-57.2 | May 28, 2021 | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti | ||
| CVE-2020-35504 | — | < 3.1.1.1-57.2 | 3.1.1.1-57.2 | May 28, 2021 | A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai | ||
| CVE-2021-20196 | — | < 3.1.1.1-63.4 | 3.1.1.1-63.4 | May 26, 2021 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on | ||
| CVE-2021-3527 | — | < 3.1.1.1-57.2 | 3.1.1.1-57.2 | May 26, 2021 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array | ||
| CVE-2021-20221 | — | < 3.1.1.1-48.2 | 3.1.1.1-48.2 | May 13, 2021 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide | ||
| CVE-2021-20181 | — | < 3.1.1.1-48.2 | 3.1.1.1-48.2 | May 13, 2021 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con | ||
| CVE-2021-3507 | — | < 3.1.1.1-66.1 | 3.1.1.1-66.1 | May 6, 2021 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f | ||
| CVE-2021-3409 | — | < 3.1.1.1-66.1 | 3.1.1.1-66.1 | Mar 23, 2021 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t | ||
| CVE-2021-3416 | — | < 3.1.1.1-48.2 | 3.1.1.1-48.2 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles |
- CVE-2021-3608Feb 24, 2022affected < 3.1.1.1-54.1fixed 3.1.1.1-54.1
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitiali
- CVE-2021-3607Feb 24, 2022affected < 3.1.1.1-54.1fixed 3.1.1.1-54.1
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make
- CVE-2021-3930Feb 18, 2022affected < 3.1.1.1-63.4fixed 3.1.1.1-63.4
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a d
- CVE-2021-3713Aug 25, 2021affected < 3.1.1.1-60.2fixed 3.1.1.1-60.2
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.
- CVE-2021-3682Aug 5, 2021affected < 3.1.1.1-57.2fixed 3.1.1.1-57.2
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit
- CVE-2021-3595Jun 15, 2021affected < 3.1.1.1-54.1fixed 3.1.1.1-54.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- CVE-2021-3594Jun 15, 2021affected < 3.1.1.1-54.1fixed 3.1.1.1-54.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- CVE-2021-3593Jun 15, 2021affected < 3.1.1.1-54.1fixed 3.1.1.1-54.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun
- CVE-2021-3592Jun 15, 2021affected < 3.1.1.1-54.1fixed 3.1.1.1-54.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2020-35503Jun 2, 2021affected < 3.1.1.1-57.2fixed 3.1.1.1-57.2
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us
- CVE-2020-35506May 28, 2021affected < 3.1.1.1-57.2fixed 3.1.1.1-57.2
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting
- CVE-2020-35505May 28, 2021affected < 3.1.1.1-57.2fixed 3.1.1.1-57.2
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti
- CVE-2020-35504May 28, 2021affected < 3.1.1.1-57.2fixed 3.1.1.1-57.2
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai
- CVE-2021-20196May 26, 2021affected < 3.1.1.1-63.4fixed 3.1.1.1-63.4
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on
- CVE-2021-3527May 26, 2021affected < 3.1.1.1-57.2fixed 3.1.1.1-57.2
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array
- CVE-2021-20221May 13, 2021affected < 3.1.1.1-48.2fixed 3.1.1.1-48.2
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide
- CVE-2021-20181May 13, 2021affected < 3.1.1.1-48.2fixed 3.1.1.1-48.2
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con
- CVE-2021-3507May 6, 2021affected < 3.1.1.1-66.1fixed 3.1.1.1-66.1
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f
- CVE-2021-3409Mar 23, 2021affected < 3.1.1.1-66.1fixed 3.1.1.1-66.1
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t
- CVE-2021-3416Mar 18, 2021affected < 3.1.1.1-48.2fixed 3.1.1.1-48.2
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
Page 2 of 4