ALAS2-2019-1248 --- qemu ivshmem-tools
ID: oval:org.secpod.oval:def:1700516 | Date: (C)2020-11-27 (M)2023-12-20 |
Class: PATCH | Family: unix |
A heap buffer overflow issue was found in the load_device_tree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process.

hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.

Slirp: information leakage in tcp_emu due to uninitialized stack variables.

qxl: null pointer dereference while releasing spice resources.
Product: qemu | ivshmem-tools |