rpm package
suse/qemu&distro=SUSE Linux Enterprise Module for Server Applications 15 SP5
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
Vulnerabilities (20)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3447 | Med | 6.0 | | < 7.1.0-150500.49.15.1 | 7.1.0-150500.49.15.1 | Nov 14, 2024 | A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on t |
| CVE-2024-8612 | Low | 3.8 | | < 7.1.0-150500.49.24.1 | 7.1.0-150500.49.24.1 | Sep 20, 2024 | A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. |
| CVE-2024-8354 | — | | | < 7.1.0-150500.49.24.1 | 7.1.0-150500.49.24.1 | Sep 19, 2024 | A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of serv |
| CVE-2024-7409 | High | 7.5 | | < 7.1.0-150500.49.24.1 | 7.1.0-150500.49.24.1 | Aug 5, 2024 | A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. |
| CVE-2024-4467 | High | 7.8 | | < 7.1.0-150500.49.18.1 | 7.1.0-150500.49.18.1 | Jul 2, 2024 | A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of |
| CVE-2024-3446 | High | 8.2 | | < 7.1.0-150500.49.15.1 | 7.1.0-150500.49.15.1 | Apr 9, 2024 | A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU proce |
| CVE-2024-24474 | — | | | < 7.1.0-150500.49.12.1 | 7.1.0-150500.49.12.1 | Feb 20, 2024 | QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. |
| CVE-2024-26328 | — | | | < 7.1.0-150500.49.12.1 | 7.1.0-150500.49.12.1 | Feb 19, 2024 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. |
| CVE-2024-26327 | — | | | < 7.1.0-150500.49.12.1 | 7.1.0-150500.49.12.1 | Feb 19, 2024 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. |
| CVE-2023-6683 | — | | | < 7.1.0-150500.49.15.1 | 7.1.0-150500.49.15.1 | Jan 12, 2024 | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. |
| CVE-2023-6693 | — | | | < 7.1.0-150500.49.12.1 | 7.1.0-150500.49.12.1 | Jan 2, 2024 | A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious use |
| CVE-2023-2861 | — | | | < 7.1.0-150500.49.6.1 | 7.1.0-150500.49.6.1 | Dec 6, 2023 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the share |
| CVE-2023-3255 | — | | | < 7.1.0-150500.49.6.1 | 7.1.0-150500.49.6.1 | Sep 13, 2023 | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is |
| CVE-2023-3301 | — | | | < 7.1.0-150500.49.6.1 | 7.1.0-150500.49.6.1 | Sep 13, 2023 | A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service. |
| CVE-2023-3180 | — | | | < 7.1.0-150500.49.9.2 | 7.1.0-150500.49.9.2 | Aug 3, 2023 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the |
| CVE-2023-3019 | Med | 6.0 | | < 7.1.0-150500.49.15.1 | 7.1.0-150500.49.15.1 | Jul 24, 2023 | A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. |
| CVE-2023-3354 | — | | | < 7.1.0-150500.49.9.2 | 7.1.0-150500.49.9.2 | Jul 11, 2023 | A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph |
| CVE-2023-1544 | — | | | < 7.1.0-150500.49.12.1 | 7.1.0-150500.49.12.1 | Mar 23, 2023 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds re |
| CVE-2023-0330 | — | | | < 7.1.0-150500.49.6.1 | 7.1.0-150500.49.6.1 | Mar 6, 2023 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. |
| CVE-2021-3638 | — | | | < 7.1.0-150500.49.9.2 | 7.1.0-150500.49.9.2 | Mar 3, 2022 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this |