Search CVE reports
461 – 470 of 471 results
Some fixes available 1 of 18
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which...
7 affected packages
kvm, qemu, xen-3.0, qemu-kvm, xen-3.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| xen-3.0 | — | — | — | — |
| qemu-kvm | — | — | — | — |
| xen-3.1 | — | — | — | — |
| xen-3.2 | — | — | — | — |
| xen-3.3 | — | — | — | — |
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a...
9 affected packages
kvm, linux, linux-source-2.6.15, linux-source-2.6.22, qemu...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| linux | — | — | — | — |
| linux-source-2.6.15 | — | — | — | — |
| linux-source-2.6.22 | — | — | — | — |
| qemu | — | — | — | — |
| xen-3.0 | — | — | — | — |
| xen-3.1 | — | — | — | — |
| xen-3.2 | — | — | — | — |
| xen-3.3 | — | — | — | — |
Some fixes available 1 of 14
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
7 affected packages
qemu, kvm, qemu-kvm, xen-3.0, xen-3.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | — |
| kvm | — | — | — | — |
| qemu-kvm | — | — | — | — |
| xen-3.0 | — | — | — | — |
| xen-3.1 | — | — | — | — |
| xen-3.2 | — | — | — | — |
| xen-3.3 | — | — | — | — |
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain...
1 affected package
qemu
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | — |
Some fixes available 8 of 13
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. ...
3 affected packages
kvm, qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |
Some fixes available 8 of 13
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library,...
3 affected packages
kvm, qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |
Some fixes available 5 of 10
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU...
4 affected packages
kvm, qemu, qemu-kvm, xen-3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |
| xen-3.1 | — | — | — | — |
Some fixes available 5 of 13
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges...
4 affected packages
kvm, bochs, qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| bochs | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |
Some fixes available 8 of 13
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
3 affected packages
kvm, qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |
Some fixes available 7 of 12
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
3 affected packages
kvm, qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |