[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:2004020
This CVE is missing description

oval:org.secpod.oval:def:2004022
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.

oval:org.secpod.oval:def:2004021
This CVE is missing description

oval:org.secpod.oval:def:55503
Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.

oval:org.secpod.oval:def:52005
qemu: Machine emulator and virtualizer Details: USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory USN-3575-1 introd ...

oval:org.secpod.oval:def:59780
qemu subpackages are installed

oval:org.secpod.oval:def:69784
This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB Multihit mitigations in nested hypervisors .

oval:org.secpod.oval:def:67450
qemu subpackages are installed

oval:org.secpod.oval:def:106695
qemu is installed

oval:org.secpod.oval:def:603936
Vincent Tondellier reported that the qemu update issued as DSA 4454-1 did not correctly backport the support to define the md-clear bit to allow mitigation of the MDS vulnerabilities. Updated qemu packages are now available to correct this issue.

oval:org.secpod.oval:def:106014
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:601514
qemu is installed

oval:org.secpod.oval:def:110117
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:70120
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:70392
qemu: Machine emulator and virtualizer Details: USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4467-1 introduced a regression in QEMU.

oval:org.secpod.oval:def:601263
Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host ...

oval:org.secpod.oval:def:89003357
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ...

oval:org.secpod.oval:def:89003212
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ...

oval:org.secpod.oval:def:70121
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:2004899
This CVE is missing description

oval:org.secpod.oval:def:110191
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110229
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110062
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110003
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89045344
This update for qemu to version 2.6.2 fixes the several issues. These security issues were fixed: - CVE-2016-7161: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU allowed attackers to execute arbitrary code on the QEMU host via a large ethlite packet . - CVE-201 ...

oval:org.secpod.oval:def:110774
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110827
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110824
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110588
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110610
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110079
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110368
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:110338
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:400801
This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. - Infinite loop in processing command block list. CVE-2015-8345 : This update also fixes a non-security bug: - Due to space restrictions in limited bios dat ...

oval:org.secpod.oval:def:601789
Several vulnerabilities were discovered in qemu, a fast processor emulator: * Various security issues have been found in the block qemu drivers. Malformed disk images might result in the execution of arbitrary code. * A NULL pointer dereference in SLIRP may result in denial of service * An informati ...

oval:org.secpod.oval:def:600883
Multiple vulnerabilities have been discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of QEMU incorrectly handles temporary files used to store the current state, making it vulnerable to ...

oval:org.secpod.oval:def:111908
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:111940
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89003267
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation . - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp . - CVE-2018-19489: Fixed a denial of ser ...

oval:org.secpod.oval:def:3300824
SUSE Security Update: Security update for qemu

oval:org.secpod.oval:def:109904
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89050266
This update for qemu fixes the following issues: - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu routine while emulating IRC and other protocols . - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation . - CVE-2020-1711: Fixed an ...

oval:org.secpod.oval:def:89050506
This update for qemu fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . Non-security issues fixed: - Fixed an issue where limiting the memory bandwidth was not possible . - Fixed the issue that s390x could not read IPL channe ...

oval:org.secpod.oval:def:89050230
This update for qemu to version 4.2.1 fixes the following issues: - CVE-2020-10761: Fixed a denial of service in Network Block Device support infrastructure . - CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation . - CVE-2020-13659: Fixed a null pointer dereference possibilit ...

oval:org.secpod.oval:def:89050233
This update for qemu fixes the following issues: - CVE-2020-14364: Fixed an OOB access while processing USB packets . - CVE-2020-16092: Fixed a denial of service in packet processing of various emulated NICs . - CVE-2020-15863: Fixed a buffer overflow in the XGMAC device . - CVE-2020-24352: Fixed an ...

oval:org.secpod.oval:def:89050551
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ...

oval:org.secpod.oval:def:89050788
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-14378: Security fix for heap overflow in ip_reass on big packet input . - CVE-2019-12155: Security fix for null pointer dereference while releasing spice resources . - CVE-2019-13164: Security fix for qemu-bridge-help ...

oval:org.secpod.oval:def:1504947
[15:4.2.1-9.el7] - Revert oslib-posix: refactor memory prealloc threads [Orabug: 32903662] - Revert oslib-posix: initialize backend memory objects in parallel [Orabug: 32903662] [15:4.2.1-8.el7] - i386/pc: let iterator handle regions below 4G [15:4.2.1-7.el7] - arm/virt: Add memory hot remove sup ...

oval:org.secpod.oval:def:2004011
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

oval:org.secpod.oval:def:106981
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:1901437
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

oval:org.secpod.oval:def:2000911
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

oval:org.secpod.oval:def:116161
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:2000326
A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying filesystem may have changed since the time lstat was called in usb_mtp_object_alloc, a classic ...

oval:org.secpod.oval:def:1901301
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked .

oval:org.secpod.oval:def:1901101
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled.

oval:org.secpod.oval:def:1504762
[15:3.0.0-4.el7] - usb-mtp: use O_NOFOLLOW and O_CLOEXEC. [Orabug: 29056673] {CVE-2018-16872} - pvrdma: add uar_read routine {CVE-2018-20191} - pvrdma: release ring object in case of an error [Orabug: 29171822] {CVE-2018-20126} - pvrdma: check number of pages when creating rings [Orabug: 2917182 ...

oval:org.secpod.oval:def:1900758
hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service in create_cq_ring or create_qp_rings.

oval:org.secpod.oval:def:1900881
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.

oval:org.secpod.oval:def:1900087
A flaw was found in qemu Media Transfer Protocol . The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn"t consider that the underlying file system may have changed since the time lstat was called in usb_mtp_object_alloc, a classi ...

oval:org.secpod.oval:def:89049777
This update for qemu fixes the following issues: Security issue fixed: - CVE-2018-16847: Fixed an out of bounds r/w buffer access in cmb operations . Non-security issue fixed: - Fixed serial console issue in SLES 12 SP2 that triggered a qemu-kvm bug .

oval:org.secpod.oval:def:111459
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89047775
This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash

oval:org.secpod.oval:def:1900675
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation , which allows attackers to cause a denial of service .

oval:org.secpod.oval:def:1901552
A flaw was found in qemu Media Transfer Protocol before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead d ...

oval:org.secpod.oval:def:2001617
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU allows local guest OS users to cause a denial of service via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.

oval:org.secpod.oval:def:2000540
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as ...

oval:org.secpod.oval:def:89048513
This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation that can lead to out-of- bounds read in qxl_phys2virt .

oval:org.secpod.oval:def:600949
It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames .

oval:org.secpod.oval:def:106874
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:601830
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2014-3689 The Advanced Threat Research team at Intel Security reported that guest provided parameter were insufficiently validated in rectangle functions in the vmware-vga driver. A privileged guest user could use this f ...

oval:org.secpod.oval:def:601857
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host ...

oval:org.secpod.oval:def:109192
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:108161
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89044958
This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS . - CVE-2017-5857: The Virtio GPU Device em ...

oval:org.secpod.oval:def:109482
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:107065
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:602219
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3214 Matt Tait of Google"s Project Zero security team discovered a flaw in the QEMU i8254 PIT emulation. A privileged guest user in a guest with QEMU PIT emulation enabled could potentially use this flaw to execute ...

oval:org.secpod.oval:def:110561
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109208
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109443
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:602231
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service . CVE-2015-5279 Qinghao Tang of QIHU 360 Inc ...

oval:org.secpod.oval:def:109588
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109585
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109529
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:602364
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang o ...

oval:org.secpod.oval:def:602361
Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service , that could occur when receiving large packets. CVE-2015-7504 Qinghao Tang ...

oval:org.secpod.oval:def:108107
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:107245
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:602140
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2015-3209 Matt Tait of Google"s Project Zero security team discovered a flaw in the way QEMU"s AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest wit ...

oval:org.secpod.oval:def:108696
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:108885
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109618
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:400672
qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ...

oval:org.secpod.oval:def:110505
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:107443
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109867
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:107757
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:107879
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:400637
qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - ...

oval:org.secpod.oval:def:602088
Several vulnerabilities were discovered in the qemu virtualisation solution: CVE-2014-9718 It was discovered that the IDE controller emulation is susceptible to denial of service. CVE-2015-1779 Daniel P. Berrange discovered a denial of service vulnerability in the VNC web socket decoder. CVE-2015-27 ...

oval:org.secpod.oval:def:108863
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:109828
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:2000435
ppc64: sPAPR emulator leaks the host hardware identity

oval:org.secpod.oval:def:1901900
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

oval:org.secpod.oval:def:1504707
[15:4.2.1-5.el7] - qemu.spec: use --tls-priority=NORMAL for OL7 - hostmem: fix default prealloc-threads count [Orabug: 32472127] - hostmem: introduce prealloc-threads property - qom: introduce object_register_sugar_prop - migration/multifd: Do error_free after migrate_set_error to avoid memleaks ...

oval:org.secpod.oval:def:2000180
slirp: heap buffer overflow in tcp_emu

oval:org.secpod.oval:def:2000279
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming.

oval:org.secpod.oval:def:2000224
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to a use-after-free outcome.

oval:org.secpod.oval:def:2004019
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write operations. A guest OS user can crash the QEMU process.

oval:org.secpod.oval:def:2004025
rom_copy in hw/core/loader.c in QEMU 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

oval:org.secpod.oval:def:2004010
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data"s address set to the e1000e"s MMIO address.

oval:org.secpod.oval:def:2004013
This CVE is missing description

oval:org.secpod.oval:def:2004012
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.

oval:org.secpod.oval:def:2004015
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.

oval:org.secpod.oval:def:2004017
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.

oval:org.secpod.oval:def:2004016
This CVE is missing description

oval:org.secpod.oval:def:602497
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2016-3710 Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds read and write flaw in the QEMU VGA module. A privileged guest user could use this flaw to execute arbitrary code on the host with the privile ...

oval:org.secpod.oval:def:1901072
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service because of a race condition during file renaming.

oval:org.secpod.oval:def:2000446
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU allows local guest OS users to cause a denial of service via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

oval:org.secpod.oval:def:2001507
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

oval:org.secpod.oval:def:112137
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:112279
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:112101
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:112362
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:2000595
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU allows local guest OS users to cause a denial of service via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.

oval:org.secpod.oval:def:704002
qemu: Machine emulator and virtualizer Details: USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. We apologize for the inconvenience. Original advisory USN-3575-1 introd ...

oval:org.secpod.oval:def:1901807
device_tree: heap buffer overflow while loading device tree blob

oval:org.secpod.oval:def:604504
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs. In addition this update fixes a regression which could cause NBD connections to hang.

oval:org.secpod.oval:def:1700509
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. tcp_emu in slirp/tcp_subr.c in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure

oval:org.secpod.oval:def:1700516
A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentiall ...

oval:org.secpod.oval:def:705283
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:89000312
This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code . - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation . - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . ...

oval:org.secpod.oval:def:604521
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.

oval:org.secpod.oval:def:1700510
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment

oval:org.secpod.oval:def:89000321
This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code . - CVE-2019-12068: Fixed a potential DoS in the LSI SCSI controller emulation . - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . ...

oval:org.secpod.oval:def:69748
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or bypass of ACLs.

oval:org.secpod.oval:def:69946
Two security issues have been found in the SLiRP networking implementation of QEMU, a fast processor emulator, which could result in the execution of arbitrary code or denial of service.

oval:org.secpod.oval:def:89000630
This update for qemu fixes the following issues: Security issue fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . Non-security issue fixed: - Fixed an issue where limiting the memory bandwidth was not possible . - Miscellaneous fixes to the in-package support documen ...

oval:org.secpod.oval:def:705631
qemu: Machine emulator and virtualizer QEMU could be made to crash or run programs.

oval:org.secpod.oval:def:1700508
A use after free vulnerability in ip_reass in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass routine while ...

oval:org.secpod.oval:def:1700514
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib"s data object. This allocated memory is not freed upon disconnection, resultin ...

oval:org.secpod.oval:def:89000498
This update for qemu fixes the following issues: - CVE-2020-7039: Fixed a heap buffer overflow in tcp_emu routine while emulating IRC and other protocols . - CVE-2019-15034: Fixed a buffer overflow in hw/display/bochs-display.c due to improper PCI config space allocation . - CVE-2020-1711: Fixed an ...

oval:org.secpod.oval:def:89000094
This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . - CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect . - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code ...

oval:org.secpod.oval:def:1700515
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. An out-of-bounds heap buffer acces ...

oval:org.secpod.oval:def:89000279
This update for qemu fixes the following issues: Security issues fixed: - CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp . - CVE-2019-20382: Fixed a potential DoS due to a memory leak in VNC disconnect . - CVE-2020-1711: Fixed a potential OOB access in the iSCSI client code ...

oval:org.secpod.oval:def:705907
qemu: Machine emulator and virtualizer Details: USN-4467-1 fixed vulnerabilities in QEMU. The fix for CVE-2020-13754 introduced a regression in certain environments. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4467-1 introduced a regression in QEMU.

oval:org.secpod.oval:def:53102
Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9310 Denial of service via infinite loop in e1000e NIC emulation. CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation. CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation. CVE-20 ...

oval:org.secpod.oval:def:603026
Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9310 Denial of service via infinite loop in e1000e NIC emulation. CVE-2017-9330 Denial of service via infinite loop in USB OHCI emulation. CVE-2017-9373 Denial of service via memory leak in IDE AHCI emulation. CVE-20 ...

oval:org.secpod.oval:def:89044809
This update for qemu fixes the following issues: Security issues fixed: * CVE-2017-10664: Fix DOS vulnerability in qemu-nbd * CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support * CVE-2017-11334: Fix OOB access during DMA operation * CVE-2017-11434: Fix OOB ac ...

oval:org.secpod.oval:def:89002165
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use thi ...

oval:org.secpod.oval:def:53457
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:115587
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89044823
This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-9330: USB OHCI Emulation in qemu allowed local guest OS users to cause a denial of service by leveraging an incorrect return value . - CVE-2017-8379: Memory leak in the keyboard input event handlers support allo ...

oval:org.secpod.oval:def:53106
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9524 Denial of service in qemu-nbd server CVE-2017-10806 Buffer overflow in USB redirector CVE-2017-11334 Out-of-band memory access in DMA operations CVE-2017-11443 Out-of-band memory access in SLIRP/DHCP

oval:org.secpod.oval:def:89049595
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use thi ...

oval:org.secpod.oval:def:603933
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update ship ...

oval:org.secpod.oval:def:89044675
This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c . - CVE-2017-9524: The qemu-nbd server when built with the Network Bloc ...

oval:org.secpod.oval:def:89044659
This update for qemu to version 2.9.1 fixes several issues. It also announces that the qed storage format will be no longer supported in SLE 15 . These security issues were fixed: - CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by triggering slow data-channel read operations, ...

oval:org.secpod.oval:def:112657
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:113659
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:113402
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:603564
Integer overflows in the processing of packets in network cards emulated by QEMU, a fast processor emulator, could result in denial of service. In addition this update backports support to passthrough the new CPU features added in the intel-microcode update shipped in DSA 4273 to x86-based guests.

oval:org.secpod.oval:def:121694
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:603121
Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. CVE-2017-12809 Denial of service in the CDROM device drive emulation. CVE-2017-13672 Denial of service in VGA display emulation. CVE-2017-13711 Denial of ...

oval:org.secpod.oval:def:703792
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:89049661
This update for qemu fixes the following issues: This security issue was fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command to the agent via the listening socket causing DoS These non-security issues were fixed: - Al ...

oval:org.secpod.oval:def:89003411
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation . - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp . - CVE-2018-19489: Fixed a denial of ser ...

oval:org.secpod.oval:def:89002316
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use thi ...

oval:org.secpod.oval:def:603036
Multiple vulnerabilities were found in qemu, a fast processor emulator: CVE-2017-9524 Denial of service in qemu-nbd server CVE-2017-10806 Buffer overflow in USB redirector CVE-2017-11334 Out-of-band memory access in DMA operations

oval:org.secpod.oval:def:115015
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89003104
This update for qemu fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6778: Fixed an out-of-bounds access in slirp - CVE-2018-16872: Fixed a host security vulnerability related to handling symlinks in usb-mtp - CVE-2018-19489: Fixed a Denial-of-Service in virtfs - CVE-20 ...

oval:org.secpod.oval:def:55310
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service, the execution of arbitrary code or information disclosure. In addition this update backports support to passthrough the new md-clear CPU flag added in the intel-microcode update ship ...

oval:org.secpod.oval:def:42126
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:42125
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:53149
Multiple vulnerabilities were found in in qemu, a fast processor emulator: CVE-2017-9375 Denial of service via memory leak in USB XHCI emulation. CVE-2017-12809 Denial of service in the CDROM device drive emulation. CVE-2017-13672 Denial of service in VGA display emulation. CVE-2017-13711 Denial of ...

oval:org.secpod.oval:def:89047086
This update for qemu fixes the following issues: - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream - Fix OOB access in sdhci interface - Fix potential privilege escalation in virtiofsd tool - Fix OOB access in rtl8139 NIC emulation - Fix heap ...

oval:org.secpod.oval:def:708254
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:3300387
SUSE Security Update: Security update for qemu

oval:org.secpod.oval:def:1504760
[15:4.2.1-4.el7] - Document CVE-2020-25723 as fixed [Orabug: 32222397] {CVE-2020-25084} {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors [Orabug: 32217570] - libslirp: Update version ...

oval:org.secpod.oval:def:1505744
[15:4.2.1-17.el7] - arm/acpi: fix an out of spec _UID for PCI root - arm/acpi: fix duplicated _UID of PCI interrupt link devices - arm/acpi: fix PCI _PRT definition - docs: fix references to docs/devel/atomics.rst [Orabug: 33659123] - rcu: do not mention atomic_mb_read/set in documentation [Ora ...

oval:org.secpod.oval:def:89047702
This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. - CVE-2021-4207: Fixed a double fetch in qxl_cursor ...

oval:org.secpod.oval:def:89048616
This update for qemu fixes the following issues: * CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read . * CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext . * CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd . Bugfixes: * Fi ...

oval:org.secpod.oval:def:89048930
This update for qemu fixes the following issues: * CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout in hw/scsi/lsi53c895a.c . * CVE-2021-3929: Fixed use-after-free in nvme, caused by DMA reentrancy issue . * CVE-2021-4207: Fixed heap buffer overflow caused by double fetch in qxl_cursor . * CVE ...

oval:org.secpod.oval:def:3300916
SUSE Security Update: Security update for qemu

oval:org.secpod.oval:def:88496
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:88497
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:89047358
This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak - CVE-2021-4207: Fixed double fetch in qxl_cursor can lead to heap buffer overflow - CVE-2021-4206: Fixed integer overflow in cursor_alloc can lead to heap buffer over ...

oval:org.secpod.oval:def:88465
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:90540
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:90541
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:88485
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:88349
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.

oval:org.secpod.oval:def:89047690
This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak - CVE-2022-26353: Fixed map leaking on error during receive - CVE-2021-4207: Fixed double fetch in qxl_cursor can lead to heap buffer overflow - CVE-2021-4206: Fixed ...

oval:org.secpod.oval:def:89047400
This update for qemu fixes the following issues: - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash .

oval:org.secpod.oval:def:89047511
This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd . - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device . Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline . - Included ...

oval:org.secpod.oval:def:89048629
This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt . * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . The following non-security bugs were fixed: * Fix bsc#1202364. * Introd ...

oval:org.secpod.oval:def:89045528
This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc - NULL pointer dereference in ESP - NULL pointer dereference issue in megasas-gen2 host bus adapter - eepro100: stack overflow via infinite recursion - usb: unbounded ...

oval:org.secpod.oval:def:1505422
[15:4.2.1-15.el7] - Document CVE-2021-4158 and CVE-2021-3947 as fixed [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-3947} {CVE-2021-4158} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive [Orabug: ...

oval:org.secpod.oval:def:89044202
This update for qemu fixes the following issues: - Fix OOB access in sm501 device emulation - Fix OOB access possibility in MegaRAID SAS 8708EM2 emulation - Fix use-after-free in usb xhci packet handling - Fix use-after-free in usb ehci packet handling - Fix OOB access in usb hcd-ohci emulation ...

oval:org.secpod.oval:def:89047120
This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc - NULL pointer dereference in ESP - NULL pointer dereference issue in megasas-gen2 host bus adapter - eepro100: stack overflow via infinite recursion - usb: unbounded ...

oval:org.secpod.oval:def:89047116
This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS device emulation - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd - Fix ...

oval:org.secpod.oval:def:3300563
SUSE Security Update: Security update for qemu

oval:org.secpod.oval:def:1505071
[15:4.2.1-11.el7] - pvrdma: Fix the ring init error flow [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder f ...

oval:org.secpod.oval:def:89047101
This update for qemu fixes the following issues: - CVE-2021-3546: Fixed out-of-bounds write in virgl_cmd_get_capset . - CVE-2021-3544: Fixed memory leaks found in the virtio vhost-user GPU device . - CVE-2021-3545: Fixed information disclosure due to uninitialized memory read .

oval:org.secpod.oval:def:51054
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:114684
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:114757
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89043990
This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests . Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writ ...

oval:org.secpod.oval:def:1504737
[15:3.0.0-1.el7] - net: ignore packet size greater than INT_MAX [Orabug: 28763782] {CVE-2018-17963} - pcnet: fix possible buffer overflow [Orabug: 28763774] {CVE-2018-17962} - rtl8139: fix possible out of bound access [Orabug: 28763765] {CVE-2018-17958} - ne2000: fix possible out of bound access ...

oval:org.secpod.oval:def:704120
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:704203
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:89002408
This update for qemu fixes the following issues: These security issues were fixed: - CVE-2018-12617: qmp_guest_file_read had an integer overflow that could have been exploited by sending a crafted QMP command to the agent via the listening socket causing DoS . - CVE-2018-11806: Prevent heap-based b ...

oval:org.secpod.oval:def:115017
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89049622
This update for qemu to version 2.11.2 fixes the following issues: Security issue fixed: - CVE-2018-11806: Fix heap buffer overflow issue that can happen while reassembling fragmented datagrams . - CVE-2018-3639: Mitigation functionality for Speculative Store Bypass issue in x86 . - CVE-2018-7550: F ...

oval:org.secpod.oval:def:51087
qemu: Machine emulator and virtualizer Side channel execution mitigations were added to QEMU.

oval:org.secpod.oval:def:43415
It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Ubuntu ...

oval:org.secpod.oval:def:51533
It was discovered that a new class of side channel attacks impact most processors, including processors from Intel, AMD, and ARM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. To address the issue, updates to the Linux M ...

oval:org.secpod.oval:def:89050697
This update for qemu fixes the following issues: qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. Security issues fixed: - CVE-2019-12068: Fixed potential DOS in lsi scsi controller emulati ...

oval:org.secpod.oval:def:116623
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:116621
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89003173
This update for qemu fixes the following issues: - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature quot;md-clearquot;

oval:org.secpod.oval:def:89003053
This update for qemu fixes the following issues: - Remove a backslash (\) escape character from 80-qemu-ga.rules Unlike sles 15 or newer guests, The udev rule file of qemu guest agent in sles 12 sp4 or newer guest only needs one escape character. - Fix use-after-free in slirp - Fix potential DOS i ...

oval:org.secpod.oval:def:116640
QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system , including a processor and various peripherials. It can be used to launch differe ...

oval:org.secpod.oval:def:89003099
This update for qemu fixes the following issues: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue - CVE-2019-3812: Fixed OOB memory access and information l ...

oval:org.secpod.oval:def:89003091
This update for qemu fixes the following issues: Following security issues were fixed: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2018-20815: Fix DOS possibility in device tree processing - CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091: Added x86 cpu feature quot;md-cl ...

oval:org.secpod.oval:def:1504751
[15:3.1.0-3.el7] - x86: Document CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 as fixed [Orabug: 29744956] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2019-11091} [15:3.1.0-2.el7] - x86: Add mds feature - e1000: Never increment the RX undersize count register - qemu.spec ...

oval:org.secpod.oval:def:55021
qemu: Machine emulator and virtualizer Several issues were addressed in QEMU.

oval:org.secpod.oval:def:89050663
This update for qemu fixes the following issues: - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 - Fix use-after-free in slirp - Fix potential DOS in lsi scsi controller emulation - Expose taa-no "feature", indicating CPU does not have the TSX Async Abort vulnerabil ...

oval:org.secpod.oval:def:704948
qemu: Machine emulator and virtualizer Several issues were addressed in QEMU.

oval:org.secpod.oval:def:89050620
This update for qemu fixes the following issues: Security issues fixed: - CVE-2019-9824: Fixed an information leak in slirp - CVE-2019-8934: Added method to specify whether or not to expose certain ppc64 host information, which can be considered a security issue - CVE-2019-3812: Fixed OOB memory a ...

oval:org.secpod.oval:def:53337
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:603411
Several vulnerabilities were discovered in qemu, a fast processor emulator. CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs. CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service. CVE-2017-15124 ...

oval:org.secpod.oval:def:89002451
This update for qemu fixes the following issues: This update has the next round of Spectre v2 related patches, which now integrate with corresponding changes in libvirt. The January 2018 release of qemu initially addressed the Spectre v2 vulnerability for KVM guests by exposing the spec-ctrl featur ...

oval:org.secpod.oval:def:89002437
This update for qemu fixes the following issues: A new feature was added: - Support EPYC vCPU type Also a mitigation for a security problem has been applied: - CVE-2017-5715: QEMU was updated to allow passing through new MSR and CPUID flags from the host VM to the CPU, to allow enabling/disabling b ...

oval:org.secpod.oval:def:89045105
This update for qemu fixes the following issues: - CVE-2021-3595: Fixed an invalid pointer initialization may lead to information disclosure . - CVE-2021-3592: Fixed an invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed an invalid pointer initialization may ...

oval:org.secpod.oval:def:89045115
This update for qemu fixes the following issues: Security fixes: - CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure - CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure - CVE-2021-3594: Fix for slirp: inval ...

oval:org.secpod.oval:def:89047115
This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma - CVE-2021-3607: Ensure correct input on ring init - CVE-2021-3608: Fix the ring init error flow - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow

oval:org.secpod.oval:def:88311
Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the the execution of arbitrary code.

oval:org.secpod.oval:def:89048487
This update for qemu fixes the following issues: * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length .

oval:org.secpod.oval:def:89048604
This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt . * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length . * CVE ...

oval:org.secpod.oval:def:1506401
[15:4.2.1-24.el7] - Revert "virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events" [Orabug: 34905939] [15:4.2.1-23.el7] - hw/display/ati_2d: Fix buffer overflow in ati_2d_blt [Orabug: 33930374] {CVE-2021-3638} - tests/acpi: virt: update ACPI MADT and FADT binaries - acpi: ...

oval:org.secpod.oval:def:89048567
This update for qemu fixes the following issues: * bsc#1172033 * bsc#1180207 * bsc#1172382 * bsc#1198038 * bsc#1193880 * bsc#1197653 * bsc#1205808 , bsc#1198712 * bsc#1175144 , bsc#1185000 , bsc#1201367, CVE-2022-35414 * About bsc#1175144, see also bsc#1182282 * bsc#1198035, CVE-2021-4206

oval:org.secpod.oval:def:127212
qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals.

oval:org.secpod.oval:def:89049163
This update for qemu fixes the following issues: * CVE-2021-4207: Fixed double fetch in qxl_cursor that could lead to heap buffer overflow . * CVE-2023-0330: Fixed DMA reentrancy issue that could lead to stack overflow . * CVE-2023-2861: Fixed improper access control on special files .

oval:org.secpod.oval:def:89049335
This update for qemu fixes the following issues: * CVE-2023-2861: Fixed improper access control on special files in 9pfs . * CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net . * CVE-2023-3255: Fixed infinite loop in inflate_buffer leads to denial of service .

oval:org.secpod.oval:def:89049184
This update for qemu fixes the following issues: * CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present . * CVE-2023-0330: Fixed reentrancy issues in the LSI controller . * CVE-2023-2861: Fixed opening special files in 9pfs . * CVE-2023-3255: Fixed infinite ...

oval:org.secpod.oval:def:98209
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:98210
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:98211
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:98212
qemu: Machine emulator and virtualizer Several security issues were fixed in QEMU.

oval:org.secpod.oval:def:1701933
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead . This could be used, for example, by L2 guests with a virtual disk stored on a virtual disk of an L1 hypervisor to read and/or write data to LBA 0 of vdiskL1, potenti ...

oval:org.secpod.oval:def:89051240
This update for qemu fixes the following issues: * CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt * CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request * CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake * [openSUSE] roms/ ...

oval:org.secpod.oval:def:125215
qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals.

oval:org.secpod.oval:def:125437
qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals.

oval:org.secpod.oval:def:1506628
[15:4.2.1-26.el7] - migration: check magic value for deciding the mapping of channels [Orabug: 34735462] - io: Add support for MSG_PEEK for socket channel [Orabug: 34735462] - migration: Move channel setup out of postcopy_try_recover [Orabug: 34735462] - vdpa: commit all host notifier MRs in a si ...

oval:org.secpod.oval:def:89049413
This update for qemu fixes the following issues: * CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. * CVE-2021-3929: Fixed an use-after-free in nvme DMA reentrancy issue. * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2020-13754: Fixed ...

oval:org.secpod.oval:def:89049568
This update for qemu fixes the following issues: * CVE-2022-26354: Fixed a memory leak due to a missing virtqueue detach on error. * CVE-2021-3929: Fixed an use-after-free in nvme DMA reentrancy issue. * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2020-13754: Fixed ...

oval:org.secpod.oval:def:89049321
This update for qemu fixes the following issues: * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. * CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_ ...

oval:org.secpod.oval:def:3301632
Security update for qemu

oval:org.secpod.oval:def:89050951
This update for qemu fixes the following issues: * CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device . * CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that could lead to use-after-free . * CVE-2021-3638: Fixed a buffer overflow in the ati-vga device . * CVE-2023-3354: ...

oval:org.secpod.oval:def:3301702
Security update for qemu

CVE    246
CVE-2011-2212
CVE-2011-2527
CVE-2016-10029
CVE-2016-10028
...
*CPE
cpe:/a:qemu:qemu

© SecPod Technologies