rpm package
suse/qemu&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3682 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | Aug 5, 2021 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit | ||
| CVE-2021-3595 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3594 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | ||
| CVE-2021-3593 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3592 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2020-35503 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | Jun 2, 2021 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us | ||
| CVE-2020-35506 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | May 28, 2021 | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting | ||
| CVE-2020-35505 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | May 28, 2021 | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti | ||
| CVE-2020-35504 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | May 28, 2021 | A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai | ||
| CVE-2021-3527 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | May 26, 2021 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array | ||
| CVE-2021-20221 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | May 13, 2021 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide | ||
| CVE-2021-20181 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | May 13, 2021 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con | ||
| CVE-2021-3507 | — | < 3.1.1.1-150100.80.43.2 | 3.1.1.1-150100.80.43.2 | May 6, 2021 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f | ||
| CVE-2021-3409 | — | < 3.1.1.1-150100.80.43.2 | 3.1.1.1-150100.80.43.2 | Mar 23, 2021 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t | ||
| CVE-2021-3416 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles | ||
| CVE-2021-20255 | — | < 3.1.1.1-80.40.1 | 3.1.1.1-80.40.1 | Mar 9, 2021 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p | ||
| CVE-2021-20203 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Feb 25, 2021 | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the hos | ||
| CVE-2020-17380 | — | < 3.1.1.1-150100.80.43.2 | 3.1.1.1-150100.80.43.2 | Jan 30, 2021 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the | ||
| CVE-2020-29443 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Jan 22, 2021 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | ||
| CVE-2020-11947 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Dec 31, 2020 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. |
- CVE-2021-3682Aug 5, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit
- CVE-2021-3595Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- CVE-2021-3594Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- CVE-2021-3593Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun
- CVE-2021-3592Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2020-35503Jun 2, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us
- CVE-2020-35506May 28, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting
- CVE-2020-35505May 28, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti
- CVE-2020-35504May 28, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai
- CVE-2021-3527May 26, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array
- CVE-2021-20221May 13, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide
- CVE-2021-20181May 13, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con
- CVE-2021-3507May 6, 2021affected < 3.1.1.1-150100.80.43.2fixed 3.1.1.1-150100.80.43.2
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f
- CVE-2021-3409Mar 23, 2021affected < 3.1.1.1-150100.80.43.2fixed 3.1.1.1-150100.80.43.2
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t
- CVE-2021-3416Mar 18, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
- CVE-2021-20255Mar 9, 2021affected < 3.1.1.1-80.40.1fixed 3.1.1.1-80.40.1
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
- CVE-2021-20203Feb 25, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the hos
- CVE-2020-17380Jan 30, 2021affected < 3.1.1.1-150100.80.43.2fixed 3.1.1.1-150100.80.43.2
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the
- CVE-2020-29443Jan 22, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
- CVE-2020-11947Dec 31, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
Page 2 of 4