Refine your search
12 vulnerabilities found for Qemu by QEMU
CVE-2025-54566 (GCVE-0-2025-54566)
Vulnerability from cvelistv5
Published
2025-07-25 00:00
Modified
2025-07-25 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-642 - External Control of Critical State Data
Summary
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:22:38.950134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:22:44.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.0.3",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-642",
"description": "CWE-642 External Control of Critical State Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T02:45:08.969Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-54566",
"datePublished": "2025-07-25T00:00:00.000Z",
"dateReserved": "2025-07-25T00:00:00.000Z",
"dateUpdated": "2025-07-25T13:22:44.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54567 (GCVE-0-2025-54567)
Vulnerability from cvelistv5
Published
2025-07-25 00:00
Modified
2025-07-25 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Summary
hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T13:21:53.985148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T13:21:58.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.0.3",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "CWE-684 Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T02:47:18.774Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/qemu-devel/20250713-wmask-v1-1-4c744cdb32c0@rsg.ci.i.u-tokyo.ac.jp/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-54567",
"datePublished": "2025-07-25T00:00:00.000Z",
"dateReserved": "2025-07-25T00:00:00.000Z",
"dateUpdated": "2025-07-25T13:21:58.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6815 (GCVE-0-2015-6815)
Vulnerability from cvelistv5
Published
2020-01-31 21:38
Modified
2024-08-06 07:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0.1"
}
]
}
],
"datePublic": "2015-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:01:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/04/4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/05/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-6815",
"datePublished": "2020-01-31T21:38:47.000Z",
"dateReserved": "2015-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:29:24.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5239 (GCVE-0-2015-5239)
Vulnerability from cvelistv5
Published
2020-01-23 19:52
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Integer Overflow
Summary
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/02/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.1.0"
}
]
}
],
"datePublic": "2015-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T18:48:53.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/02/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5239",
"datePublished": "2020-01-23T19:52:32.000Z",
"dateReserved": "2015-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:41:08.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5278 (GCVE-0-2015-5278)
Vulnerability from cvelistv5
Published
2020-01-23 19:40
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0.1"
}
]
}
],
"datePublic": "2015-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:03:31.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2745-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/15/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5278",
"datePublished": "2020-01-23T19:40:18.000Z",
"dateReserved": "2015-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:41:09.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5745 (GCVE-0-2015-5745)
Vulnerability from cvelistv5
Published
2020-01-23 19:35
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "before 2.4.0"
}
]
}
],
"datePublic": "2015-07-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T13:58:41.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5745",
"datePublished": "2020-01-23T19:35:16.000Z",
"dateReserved": "2015-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:59:04.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4532 (GCVE-0-2013-4532)
Vulnerability from cvelistv5
Published
2020-01-02 15:26
Modified
2024-08-06 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4532"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2342-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "qemu",
"versions": [
{
"status": "affected",
"version": "1.1.2+dfsg to 2.1+dfsg"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-06T15:19:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4532"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ubuntu.com/usn/USN-2342-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4532",
"datePublished": "2020-01-02T15:26:40.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15118 (GCVE-0-2017-15118)
Vulnerability from cvelistv5
Published
2018-07-27 21:00
Modified
2024-08-05 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:15.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43194/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11"
}
]
}
],
"datePublic": "2017-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43194/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "2.11"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101975"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/28/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43194/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15118",
"datePublished": "2018-07-27T21:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:15.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15119 (GCVE-0-2017-15119)
Vulnerability from cvelistv5
Published
2018-07-27 16:00
Modified
2024-08-05 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11"
}
]
}
],
"datePublic": "2017-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "2.11"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/28/9",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/9"
},
{
"name": "102011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102011"
},
{
"name": "DSA-4213",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15119",
"datePublished": "2018-07-27T16:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:16.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7539 (GCVE-0-2017-7539)
Vulnerability from cvelistv5
Published
2018-07-26 14:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19"
},
{
"name": "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/4"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539"
},
{
"name": "99944",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.10.1"
}
]
}
],
"datePublic": "2017-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server\u0027s initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:2628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b"
},
{
"name": "RHSA-2017:3473",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "RHSA-2017:3470",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "RHSA-2017:3471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=ff82911cd3f69f028f2537825c9720ff78bc3f19"
},
{
"name": "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/4"
},
{
"name": "RHSA-2017:3466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539"
},
{
"name": "99944",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99944"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7539",
"datePublished": "2018-07-26T14:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15124 (GCVE-0-2017-15124)
Vulnerability from cvelistv5
Published
2018-01-09 21:00
Modified
2024-08-05 19:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102295",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102295"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2018:3062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.11.0 and older"
}
]
}
],
"datePublic": "2017-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "102295",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102295"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525195"
},
{
"name": "DSA-4213",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"name": "RHSA-2018:0816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0816"
},
{
"name": "RHSA-2018:1104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "RHSA-2018:1113",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1113"
},
{
"name": "USN-3575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "RHSA-2018:3062",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15124",
"datePublished": "2018-01-09T21:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:16.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7493 (GCVE-0-2017-7493)
Vulnerability from cvelistv5
Published
2017-05-17 15:00
Modified
2024-08-05 16:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper access control issue
Summary
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98574"
},
{
"name": "[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709"
},
{
"name": "[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q2/278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "QEMU",
"versions": [
{
"status": "affected",
"version": "2.7.4"
}
]
}
],
"datePublic": "2017-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-07T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "GLSA-201706-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "98574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98574"
},
{
"name": "[qemu-devel] 20170516 [PULL] 9pfs: local: forbid client access to metadata (CVE-2017-7493)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1451709"
},
{
"name": "[oss-security] 20170517 CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q2/278"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7493",
"datePublished": "2017-05-17T15:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}