This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This flaw is strictly related to CVE-2018-13405. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.Ī flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation.
This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.Ī DMA reentrancy issue was found in the Tulip device emulation in QEMU. Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. These are used to derive other fields like 'sectors_per_block' etc. Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.Īn integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count = block_size. If you want to see a complete summary for this CPE, please contact us.Īn off-by-one read/write issue was found in the SDHCI device of QEMU.
0 kommentar(er)
