rpm package

suse/qemu&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (98)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-7156	Med	4.4	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
CVE-2016-7155	Med	4.4	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
CVE-2016-7116	Med	6.0	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
CVE-2016-6888	Med	4.4	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL poi
CVE-2016-6836	Med	6.0	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6835	Med	6.0	< 2.0.2-48.34.3	2.0.2-48.34.3	Dec 10, 2016	The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVE-2016-6834	Med	4.4	< 2.0.2-48.34.3	2.0.2-48.34.3	Dec 10, 2016	The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
CVE-2016-6833	Med	4.4	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-6490	Med	4.4	< 2.0.2-48.22.1	2.0.2-48.22.1	Dec 10, 2016	The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
CVE-2016-9106	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Dec 9, 2016	Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
CVE-2016-9105	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Dec 9, 2016	Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
CVE-2016-9104	Med	4.4	< 2.0.2-48.25.1	2.0.2-48.25.1	Dec 9, 2016	Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access
CVE-2016-9103	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Dec 9, 2016	The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
CVE-2016-9102	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Dec 9, 2016	Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
CVE-2016-9101	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Dec 9, 2016	Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2016-8910	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Nov 4, 2016	The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8909	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Nov 4, 2016	The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2016-8669	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Nov 4, 2016	The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Nov 4, 2016	The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8578	Med	6.0	< 2.0.2-48.25.1	2.0.2-48.25.1	Nov 4, 2016	The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.

CVE-2016-7156MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
CVE-2016-7155MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
CVE-2016-7116MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.
CVE-2016-6888MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL poi
CVE-2016-6836MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-6835MedDec 10, 2016
affected < 2.0.2-48.34.3fixed 2.0.2-48.34.3
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVE-2016-6834MedDec 10, 2016
affected < 2.0.2-48.34.3fixed 2.0.2-48.34.3
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
CVE-2016-6833MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-6490MedDec 10, 2016
affected < 2.0.2-48.22.1fixed 2.0.2-48.22.1
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
CVE-2016-9106MedDec 9, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
CVE-2016-9105MedDec 9, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
CVE-2016-9104MedDec 9, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access
CVE-2016-9103MedDec 9, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
CVE-2016-9102MedDec 9, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
CVE-2016-9101MedDec 9, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2016-8910MedNov 4, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
CVE-2016-8909MedNov 4, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2016-8669MedNov 4, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVE-2016-8667MedNov 4, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVE-2016-8578MedNov 4, 2016
affected < 2.0.2-48.25.1fixed 2.0.2-48.25.1
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.

Page 4 of 5