rpm package
suse/qemu&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (73)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6778 | — | < 2.11.2-5.8.1 | 2.11.2-5.8.1 | Mar 17, 2019 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | ||
| CVE-2019-3812 | — | < 2.11.2-5.13.1 | 2.11.2-5.13.1 | Feb 19, 2019 | QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the | ||
| CVE-2018-20126 | — | < 2.11.2-5.23.2 | 2.11.2-5.23.2 | Dec 20, 2018 | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | ||
| CVE-2018-16872 | — | < 2.11.2-5.8.1 | 2.11.2-5.8.1 | Dec 13, 2018 | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb | ||
| CVE-2018-19489 | — | < 2.11.2-5.8.1 | 2.11.2-5.8.1 | Dec 13, 2018 | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | ||
| CVE-2018-19364 | — | < 2.11.2-5.8.1 | 2.11.2-5.8.1 | Dec 13, 2018 | hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | ||
| CVE-2018-18954 | — | < 2.11.2-5.8.1 | 2.11.2-5.8.1 | Nov 15, 2018 | The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. | ||
| CVE-2018-16847 | — | < 2.11.2-5.5.1 | 2.11.2-5.5.1 | Nov 2, 2018 | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privil | ||
| CVE-2018-10839 | — | < 2.11.2-5.5.1 | 2.11.2-5.5.1 | Oct 16, 2018 | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting | ||
| CVE-2018-17963 | Cri | 9.8 | < 2.11.2-5.5.1 | 2.11.2-5.5.1 | Oct 9, 2018 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |
| CVE-2018-17962 | Hig | 7.5 | < 2.11.2-5.5.1 | 2.11.2-5.5.1 | Oct 9, 2018 | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | |
| CVE-2018-17958 | Hig | 7.5 | < 2.11.2-5.5.1 | 2.11.2-5.5.1 | Oct 9, 2018 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |
| CVE-2018-15746 | Med | 5.5 | < 2.11.2-5.5.1 | 2.11.2-5.5.1 | Aug 29, 2018 | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. |
- CVE-2019-6778Mar 17, 2019affected < 2.11.2-5.8.1fixed 2.11.2-5.8.1
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
- CVE-2019-3812Feb 19, 2019affected < 2.11.2-5.13.1fixed 2.11.2-5.13.1
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the
- CVE-2018-20126Dec 20, 2018affected < 2.11.2-5.23.2fixed 2.11.2-5.23.2
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.
- CVE-2018-16872Dec 13, 2018affected < 2.11.2-5.8.1fixed 2.11.2-5.8.1
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb
- CVE-2018-19489Dec 13, 2018affected < 2.11.2-5.8.1fixed 2.11.2-5.8.1
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
- CVE-2018-19364Dec 13, 2018affected < 2.11.2-5.8.1fixed 2.11.2-5.8.1
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
- CVE-2018-18954Nov 15, 2018affected < 2.11.2-5.8.1fixed 2.11.2-5.8.1
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
- CVE-2018-16847Nov 2, 2018affected < 2.11.2-5.5.1fixed 2.11.2-5.5.1
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privil
- CVE-2018-10839Oct 16, 2018affected < 2.11.2-5.5.1fixed 2.11.2-5.5.1
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting
- affected < 2.11.2-5.5.1fixed 2.11.2-5.5.1
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
- affected < 2.11.2-5.5.1fixed 2.11.2-5.5.1
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
- affected < 2.11.2-5.5.1fixed 2.11.2-5.5.1
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
- affected < 2.11.2-5.5.1fixed 2.11.2-5.5.1
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
Page 4 of 4