Vulnerabilities for 'QEMU'

2020-10-06

CVE-2020-25743 (CWE-476)
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

CVE-2020-25742 (CWE-476)
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

2020-09-25

CVE-2020-25625 (CWE-835)
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.

CVE-2020-25085 (CWE-787)
QEMU 5.0.0 has a heap-based buffer overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

CVE-2020-25084 (CWE-416)
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

2020-08-31

CVE-2020-14364 (CWE-787)
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when the USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or potentially to execute arbitrary code with the privileges of the QEMU process on the host.

2020-08-27

CVE-2020-14415 (CWE-369)
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

2020-08-11

CVE-2020-16092 (CWE-20)
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service; the failing assertion is in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.

2020-07-28

CVE-2020-15863 (CWE-120)
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

2020-07-21

CVE-2020-15859 (CWE-416)
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

Copyright 2020, cxsecurity.com