Filtered by vendor Redhat Subscriptions
Filtered by product Advanced Virtualization Subscriptions
Total 107 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-13754 4 Canonical, Debian, Qemu and 1 more 5 Ubuntu Linux, Debian Linux, Qemu and 2 more 2024-11-21 6.7 Medium
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-11947 2 Qemu, Redhat 3 Qemu, Advanced Virtualization, Enterprise Linux 2024-11-21 3.8 Low
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
CVE-2020-10761 4 Canonical, Opensuse, Qemu and 1 more 5 Ubuntu Linux, Leap, Qemu and 2 more 2024-11-21 5 Medium
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.
CVE-2020-10756 5 Canonical, Debian, Libslirp Project and 2 more 7 Ubuntu Linux, Debian Linux, Libslirp and 4 more 2024-11-21 6.5 Medium
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CVE-2020-10717 2 Qemu, Redhat 2 Qemu, Advanced Virtualization 2024-11-21 3.3 Low
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
CVE-2020-10702 2 Qemu, Redhat 2 Qemu, Advanced Virtualization 2024-11-21 5.5 Medium
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
CVE-2019-9755 2 Redhat, Tuxera 7 Advanced Virtualization, Enterprise Linux, Enterprise Linux Eus and 4 more 2024-11-21 7.0 High
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
CVE-2019-3886 3 Fedoraproject, Opensuse, Redhat 4 Fedora, Leap, Advanced Virtualization and 1 more 2024-11-21 5.4 Medium
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block.
CVE-2019-20485 3 Debian, Fedoraproject, Redhat 5 Debian Linux, Fedora, Advanced Virtualization and 2 more 2024-11-21 5.7 Medium
qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).
CVE-2019-15890 3 Libslirp Project, Qemu, Redhat 5 Libslirp, Qemu, Advanced Virtualization and 2 more 2024-11-21 7.5 High
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
CVE-2019-14378 2 Libslirp Project, Redhat 7 Libslirp, Advanced Virtualization, Enterprise Linux and 4 more 2024-11-21 N/A
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVE-2019-12155 2 Qemu, Redhat 5 Qemu, Advanced Virtualization, Enterprise Linux and 2 more 2024-11-21 N/A
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
CVE-2019-11135 9 Canonical, Debian, Fedoraproject and 6 more 312 Ubuntu Linux, Debian Linux, Fedora and 309 more 2024-11-21 6.5 Medium
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-11091 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Data Sampling Uncacheable Memory, Microarchitectural Data Sampling Uncacheable Memory Firmware and 10 more 2024-11-21 N/A
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-10168 1 Redhat 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 7.8 High
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10167 1 Redhat 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 7.8 High
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
CVE-2019-10166 1 Redhat 10 Advanced Virtualization, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 7.8 High
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
CVE-2019-10161 2 Canonical, Redhat 6 Ubuntu Linux, Advanced Virtualization, Enterprise Linux and 3 more 2024-11-21 7.8 High
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
CVE-2019-10132 2 Fedoraproject, Redhat 4 Fedora, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 N/A
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
CVE-2018-12130 3 Fedoraproject, Intel, Redhat 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more 2024-11-21 N/A
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf