VYPR

rpm package

suse/qemu&distro=SUSE Manager Server 4.3

pkg:rpm/suse/qemu&distro=SUSE%20Manager%20Server%204.3

Vulnerabilities (9)

  • CVE-2024-3447 | Med | Nov 14, 2024
    affected < 6.2.0-150400.37.29.1; fixed 6.2.0-150400.37.29.1

    A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on t

  • CVE-2024-8612 | Low | Sep 20, 2024
    affected < 6.2.0-150400.37.37.3; fixed 6.2.0-150400.37.37.3

    A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virtio_crypto_req_complete could be larger than the true size of the data which has been sent to guest.

  • CVE-2024-8354 | Sep 19, 2024
    affected < 6.2.0-150400.37.37.3; fixed 6.2.0-150400.37.37.3

    A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of serv

  • CVE-2024-7409 | Hig | Aug 5, 2024
    affected < 6.2.0-150400.37.37.3; fixed 6.2.0-150400.37.37.3

    A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

  • CVE-2024-4467 | Hig | Jul 2, 2024
    affected < 6.2.0-150400.37.34.1; fixed 6.2.0-150400.37.34.1

    A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of

  • CVE-2024-3446 | Hig | Apr 9, 2024
    affected < 6.2.0-150400.37.29.1; fixed 6.2.0-150400.37.29.1

    A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU proce

  • CVE-2024-24474 | Feb 20, 2024
    affected < 6.2.0-150400.37.29.1; fixed 6.2.0-150400.37.29.1

    QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

  • CVE-2023-6683 | Jan 12, 2024
    affected < 6.2.0-150400.37.29.1; fixed 6.2.0-150400.37.29.1

    A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference.

  • CVE-2023-3019 | Med | Jul 24, 2023
    affected < 6.2.0-150400.37.29.1; fixed 6.2.0-150400.37.29.1

    A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.