Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:52685
[Rus]
Version
7
Class
patch
ALTXid
222925
Language
English
Severity
NotAvailable
Title
DLA-1497-1 -- qemu security update
Description
Several vulnerabilities were found in qemu, a fast processor emulator.
Family
unix
Platform
Debian 8
Product
qemu
Reference
VENDOR: DLA-1497-1
VENDOR: DLA-1497-1
Id:
DLA-1497-1
Reference:
https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201809/msg00007.html
CVE: CVE-2015-8666
CVE: CVE-2015-8666
Id:
CVE-2015-8666
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8666
Comment
: Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVSSv2 Score:
3.3
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:P/A:P
CVSSv3 Score:
7.9
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1283722 (CONFIRM)
79670 (BID)
[oss-security] 20151224 CVE request Qemu: acpi: heap based buffer overrun during VM migration (MLIST)
GLSA-201602-01 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (MISC)
CVE: CVE-2016-2198
CVE: CVE-2016-2198
Id:
CVE-2016-2198
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2198
Comment
: QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
[qemu-devel] 20160129 [PATCH] usb: ehci: add capability mmio write function (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1301643 (CONFIRM)
[oss-security] 20160130 Re: CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write (MLIST)
[oss-security] 20160129 CVE request Qemu: usb: ehci null pointer dereference in ehci_caps_write (MLIST)
GLSA-201604-01 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-6833
CVE: CVE-2016-6833
Id:
CVE-2016-6833
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6833
Comment
: Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
416 (Use After Free)
References:
93255 (BID)
[oss-security] 20160817 Re: CVE request: Qemu net: vmxnet3: use after free while writing (MLIST)
[qemu-devel] 20160809 [PULL 2/3] net: vmxnet3: check for device_active before write (MLIST)
[oss-security] 20160812 CVE request: Qemu net: vmxnet3: use after free while writing (MLIST)
GLSA-201609-01 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 (MISC)
CVE: CVE-2016-6835
CVE: CVE-2016-6835
Id:
CVE-2016-6835
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6835
Comment
: The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
CWE-Other ()
References:
[oss-security] 20160812 CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation (MLIST)
[qemu-devel] 20160810 Re: [PATCH] net: vmxnet: check IP header length (MLIST)
[oss-security] 20160817 Re: CVE request Qemu: buffer overflow in vmxnet_tx_pkt_parse_headers() in vmxnet3 device emulation (MLIST)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=93060258ae748573ca7197204125a2670047896d (MISC)
CVE: CVE-2016-8576
CVE: CVE-2016-8576
Id:
CVE-2016-8576
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8576
Comment
: The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
770 (Allocation of Resources Without Limits or Throttling)
References:
[qemu-devel] 20161007 Re: [PATCH] usb: xHCI: add check to limit command TRB processing (MLIST)
[oss-security] 20161010 Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch (MLIST)
93469 (BID)
[oss-security] 20161010 CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch (MLIST)
openSUSE-SU-2016:3237 (SUSE)
GLSA-201611-11 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=05f43d44e4bc26611ce25fd7d726e483f73363ce (MISC)
CVE: CVE-2016-8667
CVE: CVE-2016-8667
Id:
CVE-2016-8667
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8667
Comment
: The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
[oss-security] 20161014 CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick (MLIST)
[oss-security] 20161015 Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick (MLIST)
[qemu-devel] 20161012 [PATCH] dma: rc4030: limit interval timer reload value (MLIST)
93567 (BID)
openSUSE-SU-2016:3237 (SUSE)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-8669
CVE: CVE-2016-8669
Id:
CVE-2016-8669
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8669
Comment
: The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
[oss-security] 20161015 Re: CVE request Qemu: char: divide by zero error in serial_update_parameters (MLIST)
[oss-security] 20161014 CVE request Qemu: char: divide by zero error in serial_update_parameters (MLIST)
93563 (BID)
openSUSE-SU-2016:3237 (SUSE)
GLSA-201611-11 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=3592fe0c919cf27a81d8e9f9b4f269553418bb01 (MISC)
CVE: CVE-2016-9602
CVE: CVE-2016-9602
Id:
CVE-2016-9602
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9602
Comment
: Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
59 (Improper Link Resolution Before File Access ('Link Following'))
References:
[qemu-devel] 20170220 [PATCH 00/29] 9pfs: local: fix vulnerability to symlink attacks (MLIST)
[qemu-devel] 20170130 [PATCH RFC 00/36] 9pfs: local: fix vulnerability to symlink attacks (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9602 (CONFIRM)
[oss-security] 20170117 CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem (MLIST)
GLSA-201704-01 (GENTOO)
1037604 (SECTRACK)
95461 (BID)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9603
CVE: CVE-2016-9603
Id:
CVE-2016-9603
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9603
Comment
: A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9.9
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603 (CONFIRM)
https://support.citrix.com/article/CTX221578 (CONFIRM)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update (MLIST)
RHSA-2017:1441 (REDHAT)
RHSA-2017:1206 (REDHAT)
RHSA-2017:1205 (REDHAT)
RHSA-2017:0988 (REDHAT)
RHSA-2017:0987 (REDHAT)
RHSA-2017:0985 (REDHAT)
RHSA-2017:0984 (REDHAT)
RHSA-2017:0983 (REDHAT)
RHSA-2017:0982 (REDHAT)
RHSA-2017:0981 (REDHAT)
RHSA-2017:0980 (REDHAT)
1038023 (SECTRACK)
96893 (BID)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9776
CVE: CVE-2016-9776
Id:
CVE-2016-9776
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9776
Comment
: QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[qemu-devel] 20161130 [PATCH] net: mcf: check receive buffer size register value (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1400829 (CONFIRM)
94638 (BID)
[oss-security] 20161202 Re: CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive (MLIST)
[oss-security] 20161202 CVE request Qemu: net: mcf_fec: infinite loop while receiving data in mcf_fec_receive (MLIST)
GLSA-201701-49 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9907
CVE: CVE-2016-9907
Id:
CVE-2016-9907
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9907
Comment
: Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
94759 (BID)
[oss-security] 20161208 Re: CVE request Qemu: usb: redirector: memory leakage when destroying (MLIST)
GLSA-201701-49 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9911
CVE: CVE-2016-9911
Id:
CVE-2016-9911
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9911
Comment
: Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
94762 (BID)
[oss-security] 20161208 Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer (MLIST)
GLSA-201701-49 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9914
CVE: CVE-2016-9914
Id:
CVE-2016-9914
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9914
Comment
: Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend (MLIST)
[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks (MLIST)
[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks (MLIST)
94729 (BID)
GLSA-201701-49 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=702dbcc274e2ca43be20ba64c758c0ca57dab91d (MISC)
CVE: CVE-2016-9915
CVE: CVE-2016-9915
Id:
CVE-2016-9915
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9915
Comment
: Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend (MLIST)
[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks (MLIST)
[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks (MLIST)
94729 (BID)
GLSA-201701-49 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=971f406b77a6eb84e0ad27dcc416b663765aee30 (MISC)
CVE: CVE-2016-9916
CVE: CVE-2016-9916
Id:
CVE-2016-9916
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9916
Comment
: Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
[qemu-devel] 20161116 [PATCH v3 0/4] 9pfs: add cleanup operation in handle/proxy backend (MLIST)
[oss-security] 20161208 Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks (MLIST)
[oss-security] 20161207 CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks (MLIST)
94729 (BID)
GLSA-201701-49 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=898ae90a44551d25b8e956fd87372d303c82fe68 (MISC)
CVE: CVE-2016-9921
CVE: CVE-2016-9921
Id:
CVE-2016-9921
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9921
Comment
: Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
94803 (BID)
[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy (MLIST)
GLSA-201701-49 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2016-9922
CVE: CVE-2016-9922
Id:
CVE-2016-9922
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9922
Comment
: The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
369 (Divide By Zero)
References:
[qemu-devel] 20161205 [PULL 4/4] display: cirrus: check vga bits per pixel(bpp) value (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1334398 (CONFIRM)
94803 (BID)
[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy (MLIST)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (MISC)
CVE: CVE-2016-10155
CVE: CVE-2016-10155
Id:
CVE-2016-10155
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10155
Comment
: Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
95770 (BID)
[oss-security] 20170120 Re: CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb (MLIST)
[oss-security] 20170120 CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb (MLIST)
GLSA-201702-28 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=eb7a20a3616085d46aa6b4b4224e15587ec67e6e ()
CVE: CVE-2017-2615
CVE: CVE-2017-2615
Id:
CVE-2017-2615
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2615
Comment
: Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
[qemu-devel] 20170201 [PATCH v3] cirrus: fix oob access issue (CVE-2017-2615) (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615 (CONFIRM)
[oss-security] 20170201 CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode (MLIST)
https://support.citrix.com/article/CTX220771 (CONFIRM)
GLSA-201702-28 (GENTOO)
GLSA-201702-27 (GENTOO)
1037804 (SECTRACK)
95990 (BID)
RHSA-2017:0454 (REDHAT)
RHSA-2017:0396 (REDHAT)
RHSA-2017:0350 (REDHAT)
RHSA-2017:0344 (REDHAT)
RHSA-2017:0334 (REDHAT)
RHSA-2017:0333 (REDHAT)
RHSA-2017:0332 (REDHAT)
RHSA-2017:0331 (REDHAT)
RHSA-2017:0330 (REDHAT)
RHSA-2017:0329 (REDHAT)
RHSA-2017:0328 (REDHAT)
RHSA-2017:0309 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-2620
CVE: CVE-2017-2620
Id:
CVE-2017-2620
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2620
Comment
: Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVSSv2 Score:
9
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv3 Score:
9.9
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://xenbits.xen.org/xsa/advisory-209.html (CONFIRM)
[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620) (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620 (CONFIRM)
[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo (MLIST)
https://support.citrix.com/article/CTX220771 (CONFIRM)
GLSA-201704-01 (GENTOO)
GLSA-201703-07 (GENTOO)
[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update (MLIST)
1037870 (SECTRACK)
96378 (BID)
RHSA-2017:0454 (REDHAT)
RHSA-2017:0396 (REDHAT)
RHSA-2017:0352 (REDHAT)
RHSA-2017:0351 (REDHAT)
RHSA-2017:0350 (REDHAT)
RHSA-2017:0334 (REDHAT)
RHSA-2017:0333 (REDHAT)
RHSA-2017:0332 (REDHAT)
RHSA-2017:0331 (REDHAT)
RHSA-2017:0330 (REDHAT)
RHSA-2017:0329 (REDHAT)
RHSA-2017:0328 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-5525
CVE: CVE-2017-5525
Id:
CVE-2017-5525
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5525
Comment
: Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
95671 (BID)
[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in ac97 device (MLIST)
[oss-security] 20170118 CVE request Qemu: audio: memory leakage in ac97 device (MLIST)
GLSA-201702-28 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=12351a91da97b414eec8cdb09f1d9f41e535a401 (MISC)
CVE: CVE-2017-5526
CVE: CVE-2017-5526
Id:
CVE-2017-5526
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5526
Comment
: Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
95669 (BID)
[oss-security] 20170118 Re: CVE request Qemu: audio: memory leakage in es1370 device (MLIST)
[oss-security] 20170118 CVE request Qemu: audio: memory leakage in es1370 device (MLIST)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da (MISC)
CVE: CVE-2017-5579
CVE: CVE-2017-5579
Id:
CVE-2017-5579
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5579
Comment
: Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
95780 (BID)
[oss-security] 20170125 Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation (MLIST)
[oss-security] 20170124 CVE request Qemu: serial: host memory leakage in 16550A UART emulation (MLIST)
GLSA-201702-28 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b (MISC)
CVE: CVE-2017-5667
CVE: CVE-2017-5667
Id:
CVE-2017-5667
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5667
Comment
: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1417559 (CONFIRM)
[oss-security] 20170212 Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer (MLIST)
[oss-security] 20170131 Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer (MLIST)
[oss-security] 20170130 CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer (MLIST)
95885 (BID)
GLSA-201702-28 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=42922105beb14c2fc58185ea022b9f72fb5465e9 (MISC)
CVE: CVE-2017-5715
CVE: CVE-2017-5715
Id:
CVE-2017-5715
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Comment
: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://www.synology.com/support/security/Synology_SA_18_01 (CONFIRM)
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/ (CONFIRM)
https://support.lenovo.com/us/en/solutions/LEN-18282 (CONFIRM)
https://support.f5.com/csp/article/K91229003 (CONFIRM)
https://spectreattack.com/ (MISC)
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr (CONFIRM)
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html (MISC)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 (CONFIRM)
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html (MISC)
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ (CONFIRM)
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/ (CONFIRM)
https://access.redhat.com/security/vulnerabilities/speculativeexecution (CONFIRM)
http://xenbits.xen.org/xsa/advisory-254.html (CONFIRM)
1040071 (SECTRACK)
VU#584653 (CERT-VN)
http://nvidia.custhelp.com/app/answers/detail/a_id/4609 (CONFIRM)
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html (CONFIRM)
43427 (EXPLOIT-DB)
20180104 CPU Side-Channel Information Disclosure Vulnerabilities (CISCO)
https://support.citrix.com/article/CTX231399 (CONFIRM)
https://security.netapp.com/advisory/ntap-20180104-0001/ (CONFIRM)
102376 (BID)
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html (MISC)
http://nvidia.custhelp.com/app/answers/detail/a_id/4614 (CONFIRM)
http://nvidia.custhelp.com/app/answers/detail/a_id/4613 (CONFIRM)
http://nvidia.custhelp.com/app/answers/detail/a_id/4611 (CONFIRM)
openSUSE-SU-2018:0023 (SUSE)
openSUSE-SU-2018:0022 (SUSE)
SUSE-SU-2018:0020 (SUSE)
SUSE-SU-2018:0019 (SUSE)
openSUSE-SU-2018:0013 (SUSE)
SUSE-SU-2018:0012 (SUSE)
SUSE-SU-2018:0011 (SUSE)
SUSE-SU-2018:0010 (SUSE)
SUSE-SU-2018:0009 (SUSE)
SUSE-SU-2018:0008 (SUSE)
SUSE-SU-2018:0007 (SUSE)
SUSE-SU-2018:0006 (SUSE)
https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html (CONFIRM)
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us (CONFIRM)
USN-3516-1 (UBUNTU)
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html (CONFIRM)
RHSA-2018:0292 (REDHAT)
DSA-4120 (DEBIAN)
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt (CONFIRM)
FreeBSD-SA-18:03 (FREEBSD)
USN-3597-2 (UBUNTU)
USN-3597-1 (UBUNTU)
USN-3594-1 (UBUNTU)
USN-3582-2 (UBUNTU)
USN-3582-1 (UBUNTU)
USN-3581-2 (UBUNTU)
USN-3581-1 (UBUNTU)
USN-3580-1 (UBUNTU)
USN-3561-1 (UBUNTU)
USN-3560-1 (UBUNTU)
USN-3549-1 (UBUNTU)
USN-3531-1 (UBUNTU)
USN-3542-2 (UBUNTU)
https://www.vmware.com/security/advisories/VMSA-2018-0007.html (CONFIRM)
USN-3541-2 (UBUNTU)
USN-3540-2 (UBUNTU)
USN-3531-3 (UBUNTU)
USN-3620-2 (UBUNTU)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
https://cert.vde.com/en-us/advisories/vde-2018-003 (CONFIRM)
https://cert.vde.com/en-us/advisories/vde-2018-002 (CONFIRM)
VU#180049 (CERT-VN)
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability (CONFIRM)
DSA-4213 (DEBIAN)
USN-3690-1 (UBUNTU)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (CONFIRM)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us (CONFIRM)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update (MLIST)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (CONFIRM)
USN-3777-3 (UBUNTU)
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001 (CONFIRM)
GLSA-201810-06 (GENTOO)
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes (CONFIRM)
20190624 [SECURITY] [DSA 4469-1] libvirt security update (BUGTRAQ)
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt (CONFIRM)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (MISC)
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf (CONFIRM)
FreeBSD-SA-19:26 (FREEBSD)
20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu (BUGTRAQ)
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html (MISC)
https://security.paloaltonetworks.com/CVE-2017-5715 (CONFIRM)
[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update (MLIST)
[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update (MLIST)
CVE: CVE-2017-5856
CVE: CVE-2017-5856
Id:
CVE-2017-5856
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5856
Comment
: Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1418342 (CONFIRM)
[oss-security] 20170202 Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd (MLIST)
[oss-security] 20170201 CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd (MLIST)
95999 (BID)
GLSA-201702-28 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=765a707000e838c30b18d712fe6cb3dd8e0435f3 (MISC)
CVE: CVE-2017-5973
CVE: CVE-2017-5973
Id:
CVE-2017-5973
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5973
Comment
: The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[qemu-devel] 20170206 [PATCH] xhci: apply limits to loops (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1421626 (CONFIRM)
96220 (BID)
[oss-security] 20170214 CVE-2017-5973 Qemu: usb: infinite loop while doing control transfer in xhci_kick_epctx (MLIST)
GLSA-201704-01 (GENTOO)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=f89b60f6e5fee3923bedf80e82b4e5efc1bb156b ()
CVE: CVE-2017-5987
CVE: CVE-2017-5987
Id:
CVE-2017-5987
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5987
Comment
: The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[qemu-devel] 20170213 Re: [Qemu-devel] [PATCH v3 1/4] sd: sdhci: check transfer mode register in multi block transfer (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1421995 (CONFIRM)
96263 (BID)
[oss-security] 20170214 CVE-2017-5987 Qemu: sd: infinite loop issue in multi block transfers (MLIST)
GLSA-201704-01 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=6e86d90352adf6cb08295255220295cf23c4286e ()
CVE: CVE-2017-6505
CVE: CVE-2017-6505
Id:
CVE-2017-6505
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6505
Comment
: The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1429432 (CONFIRM)
[oss-security] 20170306 CVE-2017-6505 Qemu: usb: an infinite loop issue in ohci_service_ed_list (MLIST)
96611 (BID)
GLSA-201704-01 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commitdiff%3Bh=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb ()
CVE: CVE-2017-7377
CVE: CVE-2017-7377
Id:
CVE-2017-7377
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7377
Comment
: The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[qemu-devel] 20170328 [PULL 1/2] 9pfs: fix file descriptor leak (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1437871 (CONFIRM)
[oss-security] 20170403 CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create (MLIST)
97319 (BID)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e ()
CVE: CVE-2017-7493
CVE: CVE-2017-7493
Id:
CVE-2017-7493
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7493
Comment
: Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493) (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1451709 (CONFIRM)
[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode (MLIST)
98574 (BID)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-7718
CVE: CVE-2017-7718
Id:
CVE-2017-7718
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7718
Comment
: hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1443441 (CONFIRM)
[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue (MLIST)
97957 (BID)
GLSA-201706-03 (GENTOO)
RHSA-2017:1441 (REDHAT)
RHSA-2017:1431 (REDHAT)
RHSA-2017:1430 (REDHAT)
RHSA-2017:1206 (REDHAT)
RHSA-2017:1205 (REDHAT)
RHSA-2017:0988 (REDHAT)
RHSA-2017:0984 (REDHAT)
RHSA-2017:0983 (REDHAT)
RHSA-2017:0982 (REDHAT)
RHSA-2017:0981 (REDHAT)
RHSA-2017:0980 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=215902d7b6fb50c6fc216fc74f770858278ed904 ()
CVE: CVE-2017-7980
CVE: CVE-2017-7980
Id:
CVE-2017-7980
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7980
Comment
: Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1430056 (CONFIRM)
[oss-security] 20170421 CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines (MLIST)
USN-3289-1 (UBUNTU)
GLSA-201706-03 (GENTOO)
97955 (BID)
https://support.citrix.com/article/CTX230138 (CONFIRM)
102129 (BID)
RHSA-2017:1441 (REDHAT)
RHSA-2017:1430 (REDHAT)
RHSA-2017:1206 (REDHAT)
RHSA-2017:1205 (REDHAT)
RHSA-2017:0988 (REDHAT)
RHSA-2017:0984 (REDHAT)
RHSA-2017:0983 (REDHAT)
RHSA-2017:0982 (REDHAT)
RHSA-2017:0981 (REDHAT)
RHSA-2017:0980 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-8086
CVE: CVE-2017-8086
Id:
CVE-2017-8086
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8086
Comment
: Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[qemu-devel] 20170410 [PULL] 9pfs: xattr: fix memory leak in v9fs_list_xattr (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1444781 (CONFIRM)
98012 (BID)
[oss-security] 20170425 CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr (MLIST)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 ()
CVE: CVE-2017-8112
CVE: CVE-2017-8112
Id:
CVE-2017-8112
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112
Comment
: hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
[qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1445621 (CONFIRM)
98015 (BID)
[oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 (MLIST)
GLSA-201706-03 (GENTOO)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-8309
CVE: CVE-2017-8309
Id:
CVE-2017-8309
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
Comment
: Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[qemu-devel] 20170428 [PATCH] audio: release capture buffers (MLIST)
98302 (BID)
GLSA-201706-03 (GENTOO)
RHSA-2017:2408 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-8379
CVE: CVE-2017-8379
Id:
CVE-2017-8379
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
Comment
: Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth (MLIST)
98277 (BID)
[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard (MLIST)
GLSA-201706-03 (GENTOO)
RHSA-2017:2408 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-9330
CVE: CVE-2017-9330
Id:
CVE-2017-9330
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9330
Comment
: QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1457697 (CONFIRM)
[oss-security] 20170601 CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value (MLIST)
98779 (BID)
GLSA-201706-03 (GENTOO)
DSA-3920 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=26f670a244982335cc08943fb1ec099a2c81e42d ()
CVE: CVE-2017-9373
CVE: CVE-2017-9373
Id:
CVE-2017-9373
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9373
Comment
: Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1458270 (CONFIRM)
98921 (BID)
[oss-security] 20170605 CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug (MLIST)
DSA-3920 (DEBIAN)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d68f0f778e7f4fbd674627274267f269e40f0b04 ()
CVE: CVE-2017-9374
CVE: CVE-2017-9374
Id:
CVE-2017-9374
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9374
Comment
: Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
401 (Improper Release of Memory Before Removing Last Reference ('Memory Leak'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1459132 (CONFIRM)
[oss-security] 20170606 CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug (MLIST)
98905 (BID)
DSA-3920 (DEBIAN)
RHSA-2017:2408 (REDHAT)
RHSA-2017:2392 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0 ()
CVE: CVE-2017-9503
CVE: CVE-2017-9503
Id:
CVE-2017-9503
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9503
Comment
: QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas (MLIST)
[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1459477 (CONFIRM)
[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command (MLIST)
99010 (BID)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
[debian-lts-announce] 20200726 [SECURITY] [DLA 2288-1] qemu security update (MLIST)
CVE: CVE-2017-10806
CVE: CVE-2017-10806
Id:
CVE-2017-10806
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
Comment
: Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
[qemu-devel] 20170512 [PULL 2/6] usb-redir: fix stack overflow in usbredir_log_data (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1468496 (CONFIRM)
99475 (BID)
[oss-security] 20170707 CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging (MLIST)
DSA-3925 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-10911
CVE: CVE-2017-10911
Id:
CVE-2017-10911
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
Comment
: The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://xenbits.xen.org/xsa/advisory-216.html (CONFIRM)
https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341 (CONFIRM)
99162 (BID)
1038720 (SECTRACK)
GLSA-201708-03 (GENTOO)
DSA-3945 (DEBIAN)
DSA-3927 (DEBIAN)
DSA-3920 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-11434
CVE: CVE-2017-11434
Id:
CVE-2017-11434
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
Comment
: The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
[qemu-devel] 20170717 [PATCH] slirp: check len against dhcp options array end (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1472611 (CONFIRM)
[oss-security] 20170719 CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options (MLIST)
99923 (BID)
DSA-3925 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-14167
CVE: CVE-2017-14167
Id:
CVE-2017-14167
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167
Comment
: Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
[qemu-devel] 20170905 [PATCH] multiboot: validate multiboot header address values (MLIST)
[oss-security] 20170907 CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image (MLIST)
100694 (BID)
DSA-3991 (DEBIAN)
RHSA-2017:3369 (REDHAT)
RHSA-2017:3368 (REDHAT)
RHSA-2017:3474 (REDHAT)
RHSA-2017:3473 (REDHAT)
RHSA-2017:3472 (REDHAT)
RHSA-2017:3471 (REDHAT)
RHSA-2017:3470 (REDHAT)
RHSA-2017:3466 (REDHAT)
USN-3575-1 (UBUNTU)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-15038
CVE: CVE-2017-15038
Id:
CVE-2017-15038
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15038
Comment
: Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.6
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr (MLIST)
[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes (MLIST)
USN-3575-1 (UBUNTU)
DSA-4213 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-15289
CVE: CVE-2017-15289
Id:
CVE-2017-15289
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15289
Comment
: The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
[qemu-devel] 20171011 [PATCH v2] cirrus: fix oob access in mode4and5 write functions (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1501290 (CONFIRM)
[oss-security] 20171012 CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions (MLIST)
101262 (BID)
RHSA-2017:3369 (REDHAT)
RHSA-2017:3368 (REDHAT)
RHSA-2017:3474 (REDHAT)
RHSA-2017:3473 (REDHAT)
RHSA-2017:3472 (REDHAT)
RHSA-2017:3471 (REDHAT)
RHSA-2017:3470 (REDHAT)
RHSA-2017:3466 (REDHAT)
RHSA-2018:0516 (REDHAT)
USN-3575-1 (UBUNTU)
DSA-4213 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-16845
CVE: CVE-2017-16845
Id:
CVE-2017-16845
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16845
Comment
: hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
10
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
[qemu-devel] 20171116 [PATCH v2] ps2: check PS2Queue indices in post_load routine (MLIST)
101923 (BID)
USN-3575-1 (UBUNTU)
USN-3649-1 (UBUNTU)
DSA-4213 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2017-18030
CVE: CVE-2017-18030
Id:
CVE-2017-18030
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18030
Comment
: The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
102520 (BID)
[oss-security] 20180115 CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine (MLIST)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f153b563f8cf121aebf5a2fff5f0110faf58ccb3 ()
CVE: CVE-2017-18043
CVE: CVE-2017-18043
Id:
CVE-2017-18043
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18043
Comment
: Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
[oss-security] 20180119 CVE-2017-18043 Qemu: integer overflow in ROUND_UP macro could result in DoS (MLIST)
102759 (BID)
USN-3575-1 (UBUNTU)
DSA-4213 (DEBIAN)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2098b073f398cd628c09c5a78537a6854 ()
CVE: CVE-2018-5683
CVE: CVE-2018-5683
Id:
CVE-2018-5683
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5683
Comment
: The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
[Qemu-devel] 20180112 Re: [Qemu-devel] [PATCH v3] vga: check the validation of memory addr when draw text (MLIST)
102518 (BID)
[oss-security] 20180115 CVE-2018-5683 Qemu: Out-of-bounds read in vga_draw_text routine (MLIST)
USN-3575-1 (UBUNTU)
RHSA-2018:1104 (REDHAT)
RHSA-2018:0816 (REDHAT)
DSA-4213 (DEBIAN)
RHSA-2018:2162 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
CVE: CVE-2018-7550
CVE: CVE-2018-7550
Id:
CVE-2018-7550
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7550
Comment
: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
[qemu-devel] 20180228 [PATCH] multiboot: check mh_load_end_addr address field (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=1549798 (CONFIRM)
103181 (BID)
[debian-lts-announce] 20180417 [SECURITY] [DLA 1351-1] qemu security update (MLIST)
[debian-lts-announce] 20180417 [SECURITY] [DLA 1350-1] qemu-kvm security update (MLIST)
RHSA-2018:1369 (REDHAT)
USN-3649-1 (UBUNTU)
DSA-4213 (DEBIAN)
RHSA-2018:2462 (REDHAT)
[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update (MLIST)
https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53 ()
Content available only for registered users!
ovaldb@altx-soft.com