rpm package
suse/qemu&distro=SUSE Manager Proxy 4.0
pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Proxy%204.0
Vulnerabilities (37)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3611 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | May 11, 2022 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability | ||
| CVE-2021-3582 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Mar 25, 2022 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threa | ||
| CVE-2021-20257 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Mar 16, 2022 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re | ||
| CVE-2021-3608 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Feb 24, 2022 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitiali | ||
| CVE-2021-3607 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Feb 24, 2022 | An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make | ||
| CVE-2021-3595 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3594 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | ||
| CVE-2021-3593 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3592 | — | < 3.1.1.1-9.30.2 | 3.1.1.1-9.30.2 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2021-20221 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | May 13, 2021 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide | ||
| CVE-2021-20181 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | May 13, 2021 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con | ||
| CVE-2021-3416 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles | ||
| CVE-2021-20203 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Feb 25, 2021 | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the hos | ||
| CVE-2020-29443 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Jan 22, 2021 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | ||
| CVE-2020-11947 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Dec 31, 2020 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | ||
| CVE-2020-27821 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Dec 8, 2020 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the | ||
| CVE-2020-28916 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Dec 4, 2020 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | ||
| CVE-2020-25723 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Dec 2, 2020 | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the | ||
| CVE-2020-25624 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Nov 30, 2020 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | ||
| CVE-2020-29129 | — | < 3.1.1.1-9.24.3 | 3.1.1.1-9.24.3 | Nov 26, 2020 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. |
- CVE-2021-3611May 11, 2022affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability
- CVE-2021-3582Mar 25, 2022affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to crash the QEMU process on the host. The highest threa
- CVE-2021-20257Mar 16, 2022affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
- CVE-2021-3608Feb 24, 2022affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitiali
- CVE-2021-3607Feb 24, 2022affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make
- CVE-2021-3595Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- CVE-2021-3594Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- CVE-2021-3593Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun
- CVE-2021-3592Jun 15, 2021affected < 3.1.1.1-9.30.2fixed 3.1.1.1-9.30.2
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2021-20221May 13, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide
- CVE-2021-20181May 13, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con
- CVE-2021-3416Mar 18, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
- CVE-2021-20203Feb 25, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the hos
- CVE-2020-29443Jan 22, 2021affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
- CVE-2020-11947Dec 31, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
- CVE-2020-27821Dec 8, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the
- CVE-2020-28916Dec 4, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
- CVE-2020-25723Dec 2, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the
- CVE-2020-25624Nov 30, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
- CVE-2020-29129Nov 26, 2020affected < 3.1.1.1-9.24.3fixed 3.1.1.1-9.24.3
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
Page 1 of 2