Filtered by vendor Redhat
Subscriptions
Filtered by product Advanced Virtualization
Subscriptions
Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-33286 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | ||||
CVE-2021-33285 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-11-21 | 7.8 High |
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild. | ||||
CVE-2021-20257 | 4 Debian, Fedoraproject, Qemu and 1 more | 9 Debian Linux, Fedora, Qemu and 6 more | 2024-11-21 | 6.5 Medium |
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
CVE-2021-20221 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 6.0 Medium |
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | ||||
CVE-2021-20196 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 6.5 Medium |
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
CVE-2020-8608 | 4 Debian, Libslirp Project, Opensuse and 1 more | 11 Debian Linux, Libslirp, Leap and 8 more | 2024-11-21 | 5.6 Medium |
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | ||||
CVE-2020-7039 | 5 Debian, Libslirp Project, Opensuse and 2 more | 12 Debian Linux, Libslirp, Leap and 9 more | 2024-11-21 | 5.6 Medium |
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. | ||||
CVE-2020-35517 | 2 Qemu, Redhat | 3 Qemu, Advanced Virtualization, Enterprise Linux | 2024-11-21 | 8.2 High |
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. | ||||
CVE-2020-29443 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Advanced Virtualization and 2 more | 2024-11-21 | 3.9 Low |
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | ||||
CVE-2020-27821 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 6.0 Medium |
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. | ||||
CVE-2020-27617 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 6.5 Medium |
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | ||||
CVE-2020-25723 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Advanced Virtualization and 2 more | 2024-11-21 | 3.2 Low |
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. | ||||
CVE-2020-25637 | 2 Opensuse, Redhat | 4 Leap, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 6.7 Medium |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-1983 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 7.5 High |
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | ||||
CVE-2020-1711 | 4 Debian, Opensuse, Qemu and 1 more | 9 Debian Linux, Leap, Qemu and 6 more | 2024-11-21 | 7.7 High |
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | ||||
CVE-2020-16092 | 5 Canonical, Debian, Opensuse and 2 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2024-11-21 | 3.8 Low |
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. | ||||
CVE-2020-15890 | 4 Canonical, Debian, Luajit and 1 more | 4 Ubuntu Linux, Debian Linux, Luajit and 1 more | 2024-11-21 | 7.5 High |
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | ||||
CVE-2020-14364 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | 5.0 Medium |
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | ||||
CVE-2020-14339 | 1 Redhat | 3 Advanced Virtualization, Enterprise Linux, Libvirt | 2024-11-21 | 8.8 High |
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
CVE-2020-14301 | 2 Netapp, Redhat | 14 Ontap Select Deploy Administration Utility, Advanced Virtualization, Codeready Linux Builder and 11 more | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. |