rpm package
suse/qemu&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/qemu&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4144 | — | | | < 4.2.1-150200.72.2 | 4.2.1-150200.72.2 | Nov 29, 2022 | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious gue |
| CVE-2022-0216 | — | | | < 4.2.1-150200.69.1 | 4.2.1-150200.69.1 | Aug 26, 2022 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest |
| CVE-2022-35414 | — | | | < 4.2.1-150200.69.1 | 4.2.1-150200.69.1 | Jul 11, 2022 | softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-v |
| CVE-2021-4206 | — | | | < 4.2.1-150200.69.1 | 4.2.1-150200.69.1 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th |
| CVE-2021-4207 | — | | | < 4.2.1-150200.69.1 | 4.2.1-150200.69.1 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg |
| CVE-2021-3507 | — | | | < 4.2.1-150200.72.2 | 4.2.1-150200.72.2 | May 6, 2021 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f |
| CVE-2021-3409 | — | | | < 4.2.1-150200.69.1 | 4.2.1-150200.69.1 | Mar 23, 2021 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on t |