Redhat

Virtualization

124 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.4

CVE-2016-6888

  • EPSS 0.1%
  • Published 10.12.2016 00:59:09
  • Last modified 12.04.2025 10:46:40

Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an uncheck...

6

CVE-2016-6835

  • EPSS 0.11%
  • Published 10.12.2016 00:59:06
  • Last modified 12.04.2025 10:46:40

The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.

6

CVE-2016-8910

  • EPSS 0.1%
  • Published 04.11.2016 21:59:10
  • Last modified 12.04.2025 10:46:40

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.

6

CVE-2016-8909

  • EPSS 0.04%
  • Published 04.11.2016 21:59:09
  • Last modified 12.04.2025 10:46:40

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer posi...

6

CVE-2016-8669

  • EPSS 0.07%
  • Published 04.11.2016 21:59:06
  • Last modified 12.04.2025 10:46:40

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater th...

6

CVE-2016-8576

  • EPSS 0.11%
  • Published 04.11.2016 21:59:00
  • Last modified 12.04.2025 10:46:40

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request...

5.5

CVE-2016-5403

  • EPSS 0.07%
  • Published 02.08.2016 16:59:03
  • Last modified 12.04.2025 10:46:40

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

7.8

CVE-2016-5126

  • EPSS 0.2%
  • Published 01.06.2016 22:59:08
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

6.5

CVE-2016-4020

  • EPSS 0.06%
  • Published 25.05.2016 15:59:04
  • Last modified 12.04.2025 10:46:40

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

8.8

CVE-2016-3710

  • EPSS 0.09%
  • Published 11.05.2016 21:59:01
  • Last modified 12.04.2025 10:46:40

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...