Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:16268
[Rus]
Version
6
Class
patch
ALTXid
169132
Language
English
Severity
High
Title
SUSE-SU-2017:3084-1 -- Security update for kvm
Description
This update for kvm fixes several issues.
Family
unix
Platform
SUSE Linux Enterprise Server 11
Product
kvm
Reference
VENDOR: SUSE-SU-2017:3084-1
VENDOR: SUSE-SU-2017:3084-1
Id:
SUSE-SU-2017:3084-1
Reference:
https://www.suse.com/support/update/announcement/2017/suse-su-20173084-1.html
CVE: CVE-2017-2620
CVE: CVE-2017-2620
Id:
CVE-2017-2620
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620
Comment
: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9.9
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://xenbits.xen.org/xsa/advisory-209.html (CONFIRM)
[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620) (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620 (CONFIRM)
[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo (MLIST)
https://support.citrix.com/article/CTX220771 (CONFIRM)
GLSA-201704-01 (GENTOO)
GLSA-201703-07 (GENTOO)
[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update (MLIST)
1037870 (SECTRACK)
96378 (BID)
RHSA-2017:0454 (REDHAT)
RHSA-2017:0396 (REDHAT)
RHSA-2017:0352 (REDHAT)
RHSA-2017:0351 (REDHAT)
RHSA-2017:0350 (REDHAT)
RHSA-2017:0334 (REDHAT)
RHSA-2017:0333 (REDHAT)
RHSA-2017:0332 (REDHAT)
RHSA-2017:0331 (REDHAT)
RHSA-2017:0330 (REDHAT)
RHSA-2017:0329 (REDHAT)
RHSA-2017:0328 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-2615
CVE: CVE-2017-2615
Id:
CVE-2017-2615
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2615
Comment
: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615) (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615 (CONFIRM)
[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode (MLIST)
https://support.citrix.com/article/CTX220771 (CONFIRM)
GLSA-201702-28 (GENTOO)
GLSA-201702-27 (GENTOO)
1037804 (SECTRACK)
95990 (BID)
RHSA-2017:0454 (REDHAT)
RHSA-2017:0396 (REDHAT)
RHSA-2017:0350 (REDHAT)
RHSA-2017:0344 (REDHAT)
RHSA-2017:0334 (REDHAT)
RHSA-2017:0333 (REDHAT)
RHSA-2017:0332 (REDHAT)
RHSA-2017:0331 (REDHAT)
RHSA-2017:0330 (REDHAT)
RHSA-2017:0329 (REDHAT)
RHSA-2017:0328 (REDHAT)
RHSA-2017:0309 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9776
CVE: CVE-2016-9776
Id:
CVE-2016-9776
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9776
Comment
: QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[qemu-devel] 20161130 [PATCH] net: mcf: check receive buffer size register value (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1400829 (CONFIRM)
94638 (BID)
[oss-security] 20161202 Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive (MLIST)
[oss-security] 20161202 CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive (MLIST)
GLSA-201701-49 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9911
CVE: CVE-2016-9911
Id:
CVE-2016-9911
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9911
Comment
: Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
94762 (BID)
[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer (MLIST)
GLSA-201701-49 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9907
CVE: CVE-2016-9907
Id:
CVE-2016-9907
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9907
Comment
: Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
94759 (BID)
[oss-security] 20161208 Re: CVE request Qemu: usb: redirector: memory leakage when destroying (MLIST)
GLSA-201701-49 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9921
CVE: CVE-2016-9921
Id:
CVE-2016-9921
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9921
Comment
: Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
94803 (BID)
[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy (MLIST)
GLSA-201701-49 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9922
CVE: CVE-2016-9922
Id:
CVE-2016-9922
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9922
Comment
: The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
[qemu-devel] 20161205 [PULL 4/4] display: cirrus: check vga bits per pixel(bpp) value (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1334398 (CONFIRM)
94803 (BID)
[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy (MLIST)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (MISC)
CVE: CVE-2017-5898
CVE: CVE-2017-5898
Id:
CVE-2017-5898
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5898
Comment
: Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
GLSA-201702-28 (GENTOO)
https://bugzilla.redhat.com/show_bug.cgi?id=1419699 (CONFIRM)
96112 (BID)
[oss-security] 20170207 Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest (MLIST)
SUSE-SU-2017:0582 (SUSE)
SUSE-SU-2017:0570 (SUSE)
RHSA-2017:2392 (REDHAT)
RHSA-2017:1856 (REDHAT)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=c7dfbf322595ded4e70b626bf83158a9f3807c6a ()
CVE: CVE-2016-10155
CVE: CVE-2016-10155
Id:
CVE-2016-10155
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10155
Comment
: Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
95770 (BID)
[oss-security] 20170120 Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb (MLIST)
[oss-security] 20170120 CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb (MLIST)
GLSA-201702-28 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e ()
CVE: CVE-2017-5856
CVE: CVE-2017-5856
Id:
CVE-2017-5856
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5856
Comment
: Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1418342 (CONFIRM)
[oss-security] 20170202 Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd (MLIST)
[oss-security] 20170201 CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd (MLIST)
95999 (BID)
GLSA-201702-28 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3 (MISC)
CVE: CVE-2016-9602
CVE: CVE-2016-9602
Id:
CVE-2016-9602
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9602
Comment
: Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
59 (Improper Link Resolution Before File Access ('Link Following'))
References:
[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks (MLIST)
[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602 (CONFIRM)
[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem (MLIST)
GLSA-201704-01 (GENTOO)
1037604 (SECTRACK)
95461 (BID)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9603
CVE: CVE-2016-9603
Id:
CVE-2016-9603
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9603
Comment
: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9.9
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603 (CONFIRM)
https://support.citrix.com/article/CTX221578 (CONFIRM)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update (MLIST)
RHSA-2017:1441 (REDHAT)
RHSA-2017:1206 (REDHAT)
RHSA-2017:1205 (REDHAT)
RHSA-2017:0988 (REDHAT)
RHSA-2017:0987 (REDHAT)
RHSA-2017:0985 (REDHAT)
RHSA-2017:0984 (REDHAT)
RHSA-2017:0983 (REDHAT)
RHSA-2017:0982 (REDHAT)
RHSA-2017:0981 (REDHAT)
RHSA-2017:0980 (REDHAT)
1038023 (SECTRACK)
96893 (BID)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-10664
CVE: CVE-2017-10664
Id:
CVE-2017-10664
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
Comment
: qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
[qemu-devel] 20170611 [PATCH] qemu-nbd: Ignore SIGPIPE (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1466190 (MISC)
99513 (BID)
[oss-security] 20170629 CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort (MLIST)
DSA-3920 (DEBIAN)
RHSA-2017:3474 (REDHAT)
RHSA-2017:3473 (REDHAT)
RHSA-2017:3472 (REDHAT)
RHSA-2017:3471 (REDHAT)
RHSA-2017:3470 (REDHAT)
RHSA-2017:3466 (REDHAT)
RHSA-2017:2445 (REDHAT)
RHSA-2017:2390 (REDHAT)
[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update (MLIST)
CVE: CVE-2017-10806
CVE: CVE-2017-10806
Id:
CVE-2017-10806
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
Comment
: Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
[qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1468496 (CONFIRM)
99475 (BID)
[oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging (MLIST)
DSA-3925 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-11334
CVE: CVE-2017-11334
Id:
CVE-2017-11334
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
Comment
: The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
[qemu-devel] 20170713 [PULL 21/41] exec: use qemu_ram_ptr_length to access guest ram (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1471638 (CONFIRM)
[oss-security] 20170717 CVE-2017-11334 Qemu: exec: oob access during dma operation (MLIST)
99895 (BID)
DSA-3925 (DEBIAN)
RHSA-2017:3369 (REDHAT)
RHSA-2017:3474 (REDHAT)
RHSA-2017:3473 (REDHAT)
RHSA-2017:3472 (REDHAT)
RHSA-2017:3471 (REDHAT)
RHSA-2017:3470 (REDHAT)
RHSA-2017:3466 (REDHAT)
USN-3575-1 (UBUNTU)
CVE: CVE-2017-11434
CVE: CVE-2017-11434
Id:
CVE-2017-11434
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
Comment
: The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
[qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1472611 (CONFIRM)
[oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options (MLIST)
99923 (BID)
DSA-3925 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-13672
CVE: CVE-2017-13672
Id:
CVE-2017-13672
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13672
Comment
: QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1486560 (CONFIRM)
[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update (MLIST)
100540 (BID)
DSA-3991 (DEBIAN)
USN-3575-1 (UBUNTU)
RHSA-2018:1104 (REDHAT)
RHSA-2018:0816 (REDHAT)
RHSA-2018:1113 (REDHAT)
RHSA-2018:2162 (REDHAT)
openSUSE-SU-2019:1074 (SUSE)
CVE: CVE-2017-14167
CVE: CVE-2017-14167
Id:
CVE-2017-14167
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167
Comment
: Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
[qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values (MLIST)
[oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image (MLIST)
100694 (BID)
DSA-3991 (DEBIAN)
RHSA-2017:3369 (REDHAT)
RHSA-2017:3368 (REDHAT)
RHSA-2017:3474 (REDHAT)
RHSA-2017:3473 (REDHAT)
RHSA-2017:3472 (REDHAT)
RHSA-2017:3471 (REDHAT)
RHSA-2017:3470 (REDHAT)
RHSA-2017:3466 (REDHAT)
USN-3575-1 (UBUNTU)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-15038
CVE: CVE-2017-15038
Id:
CVE-2017-15038
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038
Comment
: Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr (MLIST)
[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes (MLIST)
USN-3575-1 (UBUNTU)
DSA-4213 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-15289
CVE: CVE-2017-15289
Id:
CVE-2017-15289
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289
Comment
: The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1501290 (CONFIRM)
[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions (MLIST)
101262 (BID)
RHSA-2017:3369 (REDHAT)
RHSA-2017:3368 (REDHAT)
RHSA-2017:3474 (REDHAT)
RHSA-2017:3473 (REDHAT)
RHSA-2017:3472 (REDHAT)
RHSA-2017:3471 (REDHAT)
RHSA-2017:3470 (REDHAT)
RHSA-2017:3466 (REDHAT)
RHSA-2018:0516 (REDHAT)
USN-3575-1 (UBUNTU)
DSA-4213 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-5579
CVE: CVE-2017-5579
Id:
CVE-2017-5579
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5579
Comment
: Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
95780 (BID)
[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation (MLIST)
[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation (MLIST)
GLSA-201702-28 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b (MISC)
CVE: CVE-2017-5973
CVE: CVE-2017-5973
Id:
CVE-2017-5973
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5973
Comment
: The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[qemu-devel] 20170206 [PATCH] xhci: apply limits to loops (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1421626 (CONFIRM)
96220 (BID)
[oss-security] 20170214 CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx (MLIST)
GLSA-201704-01 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b ()
CVE: CVE-2017-6505
CVE: CVE-2017-6505
Id:
CVE-2017-6505
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6505
Comment
: The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1429432 (CONFIRM)
[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list (MLIST)
96611 (BID)
GLSA-201704-01 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb ()
CVE: CVE-2017-7471
CVE: CVE-2017-7471
Id:
CVE-2017-7471
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7471
Comment
: Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
CVSSv2 Score:
7.7
Access vector:
ADJACENT_NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9
Attack vector:
ADJACENT_NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471 (CONFIRM)
[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host (MLIST)
GLSA-201706-03 (GENTOO)
97970 (BID)
https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9c6b899f7a46893ab3b671e341a2234e9c0c060e (MISC)
CVE: CVE-2017-7493
CVE: CVE-2017-7493
Id:
CVE-2017-7493
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7493
Comment
: Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493) (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1451709 (CONFIRM)
[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode (MLIST)
98574 (BID)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-7718
CVE: CVE-2017-7718
Id:
CVE-2017-7718
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7718
Comment
: hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1443441 (CONFIRM)
[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue (MLIST)
97957 (BID)
GLSA-201706-03 (GENTOO)
RHSA-2017:1441 (REDHAT)
RHSA-2017:1431 (REDHAT)
RHSA-2017:1430 (REDHAT)
RHSA-2017:1206 (REDHAT)
RHSA-2017:1205 (REDHAT)
RHSA-2017:0988 (REDHAT)
RHSA-2017:0984 (REDHAT)
RHSA-2017:0983 (REDHAT)
RHSA-2017:0982 (REDHAT)
RHSA-2017:0981 (REDHAT)
RHSA-2017:0980 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904 ()
CVE: CVE-2017-7980
CVE: CVE-2017-7980
Id:
CVE-2017-7980
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7980
Comment
: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1430056 (CONFIRM)
[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines (MLIST)
USN-3289-1 (UBUNTU)
GLSA-201706-03 (GENTOO)
97955 (BID)
https://support.citrix.com/article/CTX230138 (CONFIRM)
102129 (BID)
RHSA-2017:1441 (REDHAT)
RHSA-2017:1430 (REDHAT)
RHSA-2017:1206 (REDHAT)
RHSA-2017:1205 (REDHAT)
RHSA-2017:0988 (REDHAT)
RHSA-2017:0984 (REDHAT)
RHSA-2017:0983 (REDHAT)
RHSA-2017:0982 (REDHAT)
RHSA-2017:0981 (REDHAT)
RHSA-2017:0980 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-8086
CVE: CVE-2017-8086
Id:
CVE-2017-8086
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8086
Comment
: Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[qemu-devel] 20170410 [PULL] 9pfs: xattr: fix memory leak in v9fs_list_xattr (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1444781 (CONFIRM)
98012 (BID)
[oss-security] 20170425 CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr (MLIST)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 ()
CVE: CVE-2017-8309
CVE: CVE-2017-8309
Id:
CVE-2017-8309
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
Comment
: Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[qemu-devel] 20170428 [PATCH] audio: release capture buffers (MLIST)
98302 (BID)
GLSA-201706-03 (GENTOO)
RHSA-2017:2408 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-9330
CVE: CVE-2017-9330
Id:
CVE-2017-9330
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9330
Comment
: QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1457697 (CONFIRM)
[oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value (MLIST)
98779 (BID)
GLSA-201706-03 (GENTOO)
DSA-3920 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d ()
CVE: CVE-2017-9373
CVE: CVE-2017-9373
Id:
CVE-2017-9373
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9373
Comment
: Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1458270 (CONFIRM)
98921 (BID)
[oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug (MLIST)
DSA-3920 (DEBIAN)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04 ()
CVE: CVE-2017-9375
CVE: CVE-2017-9375
Id:
CVE-2017-9375
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9375
Comment
: QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1458744 (CONFIRM)
98915 (BID)
[oss-security] 20170605 CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep (MLIST)
DSA-3991 (DEBIAN)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20190920 [SECURITY] [DLA 1927-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=96d87bdda3919bb16f754b3d3fd1227e1f38f13c ()
CVE: CVE-2017-9503
CVE: CVE-2017-9503
Id:
CVE-2017-9503
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9503
Comment
: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas (MLIST)
[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1459477 (CONFIRM)
[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command (MLIST)
99010 (BID)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update (MLIST)
Content available only for registered users!
ovaldb@altx-soft.com