rpm package
suse/qemu&distro=SUSE Linux Enterprise Real Time 15 SP3
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4144 | — | | | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | Nov 29, 2022 | An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious gue |
| CVE-2022-0216 | — | | | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | Aug 26, 2022 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest |
| CVE-2021-3929 | — | | | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | Aug 25, 2022 | A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. |
| CVE-2020-14394 | — | | | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | Aug 17, 2022 | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. |
| CVE-2022-1050 | — | | | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | Mar 29, 2022 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. |
| CVE-2021-3507 | — | | | < 5.2.0-150300.121.2 | 5.2.0-150300.121.2 | May 6, 2021 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this f |