Debian Bug report logs -
#968947
qemu: CVE-2020-14364: usb: out-of-bounds r/w access issue
Package:
src:qemu;
Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@lists.alioth.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 24 Aug 2020 12:51:02 UTC
Severity: important
Tags: securi ...
Multiple security issues were discovered in QEMU, a fast processor
emulator:
CVE-2020-12829
An integer overflow in the sm501 display device may result in denial of
service
CVE-2020-14364
An out-of-bounds write in the USB emulation code may result in
guest-to-host code execution
CVE-2020-15863
A buffer overflow in the XGMAC net ...
A memory leakage flaw was found in the way the VNC display driver of QEMU handled the connection disconnect when ZRLE and Tight encoding are enabled. Two VncState objects are created, and one allocates memory for the Zlib's data object. This allocated memory is not freed upon disconnection, resulting in a memory leak. An attacker able to connect to ...
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (CVE-2018-15746).
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine whi ...
Synopsis
Important: Red Hat Virtualization security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for cockpit-ovirt, imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise ...
Synopsis
Important: redhat-release-virtualization-host and redhat-virtualization-host security update
Type/Severity
Security Advisory: Important
Topic
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 ...
Synopsis
Important: qemu-kvm-ma security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: qemu-kvm-ma security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis
Important: virt:8.2 and virt-devel:8.2 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:8.2 and virt-devel:8.2 modules is now available for Advanced Virtualization for RHEL 8.2.1. Red Hat Product Security has rated this update as having a security i ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis
Important: qemu-kvm-ma security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-ma is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: virt:8.1 and virt-devel:8.1 security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.1. Red Hat Product Security has rated this update as having a security impact of Imp ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP ...
Synopsis
Important: virt:rhel security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis
Important: virt:rhel security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis
Important: qemu-kvm security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat Virtualization for Red Hat Virtualization Host 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis
Important: virt:rhel security update
Type/Severity
Security Advisory: Important
Topic
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis
Important: qemu-kvm-rhev security update
Type/Severity
Security Advisory: Important
Topic
An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of s ...
Description of Problem
Two issues have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix Hypervisor 8 ...