rpm package
suse/qemu&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (72)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0216 | — | < 2.6.2-41.76.1 | 2.6.2-41.76.1 | Aug 26, 2022 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest | ||
| CVE-2021-3929 | — | < 2.6.2-41.76.1 | 2.6.2-41.76.1 | Aug 25, 2022 | A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. | ||
| CVE-2021-3611 | — | < 2.6.2-41.68.1 | 2.6.2-41.68.1 | May 11, 2022 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability | ||
| CVE-2021-4206 | — | < 2.6.2-41.76.1 | 2.6.2-41.76.1 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th | ||
| CVE-2021-4207 | — | < 2.6.2-41.76.1 | 2.6.2-41.76.1 | Apr 29, 2022 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg | ||
| CVE-2021-20257 | — | < 2.6.2-41.62.1 | 2.6.2-41.62.1 | Mar 16, 2022 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re | ||
| CVE-2021-3682 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | Aug 5, 2021 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit | ||
| CVE-2021-3595 | — | < 2.6.2-41.68.1 | 2.6.2-41.68.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3594 | — | < 2.6.2-41.68.1 | 2.6.2-41.68.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound | ||
| CVE-2021-3593 | — | < 2.6.2-41.68.1 | 2.6.2-41.68.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun | ||
| CVE-2021-3592 | — | < 2.6.2-41.68.1 | 2.6.2-41.68.1 | Jun 15, 2021 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this | ||
| CVE-2020-35503 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | Jun 2, 2021 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us | ||
| CVE-2020-35506 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | May 28, 2021 | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting | ||
| CVE-2020-35505 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | May 28, 2021 | A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti | ||
| CVE-2020-35504 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | May 28, 2021 | A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai | ||
| CVE-2021-3527 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | May 26, 2021 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array | ||
| CVE-2021-20221 | — | < 2.6.2-41.65.1 | 2.6.2-41.65.1 | May 13, 2021 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide | ||
| CVE-2021-20181 | — | < 2.6.2-41.62.1 | 2.6.2-41.62.1 | May 13, 2021 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con | ||
| CVE-2021-3416 | — | < 2.6.2-41.62.1 | 2.6.2-41.62.1 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles | ||
| CVE-2021-20255 | — | < 2.6.2-41.73.1 | 2.6.2-41.73.1 | Mar 9, 2021 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p |
- CVE-2022-0216Aug 26, 2022affected < 2.6.2-41.76.1fixed 2.6.2-41.76.1
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest
- CVE-2021-3929Aug 25, 2022affected < 2.6.2-41.76.1fixed 2.6.2-41.76.1
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue.
- CVE-2021-3611May 11, 2022affected < 2.6.2-41.68.1fixed 2.6.2-41.68.1
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability
- CVE-2021-4206Apr 29, 2022affected < 2.6.2-41.76.1fixed 2.6.2-41.76.1
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash th
- CVE-2021-4207Apr 29, 2022affected < 2.6.2-41.76.1fixed 2.6.2-41.76.1
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileg
- CVE-2021-20257Mar 16, 2022affected < 2.6.2-41.62.1fixed 2.6.2-41.62.1
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, re
- CVE-2021-3682Aug 5, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit
- CVE-2021-3595Jun 15, 2021affected < 2.6.2-41.68.1fixed 2.6.2-41.68.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-boun
- CVE-2021-3594Jun 15, 2021affected < 2.6.2-41.68.1fixed 2.6.2-41.68.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bound
- CVE-2021-3593Jun 15, 2021affected < 2.6.2-41.68.1fixed 2.6.2-41.68.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-boun
- CVE-2021-3592Jun 15, 2021affected < 2.6.2-41.68.1fixed 2.6.2-41.68.1
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this
- CVE-2020-35503Jun 2, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us
- CVE-2020-35506May 28, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting
- CVE-2020-35505May 28, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulti
- CVE-2020-35504May 28, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system avai
- CVE-2021-3527May 26, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array
- CVE-2021-20221May 13, 2021affected < 2.6.2-41.65.1fixed 2.6.2-41.65.1
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide
- CVE-2021-20181May 13, 2021affected < 2.6.2-41.62.1fixed 2.6.2-41.62.1
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con
- CVE-2021-3416Mar 18, 2021affected < 2.6.2-41.62.1fixed 2.6.2-41.62.1
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
- CVE-2021-20255Mar 9, 2021affected < 2.6.2-41.73.1fixed 2.6.2-41.73.1
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU p
Page 1 of 4