CVE-2021-4206
Published 2022-04-29
CVE-2021-4206: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow.
Severity: High · CVSS 3.1 base score 8.2
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Affected (22 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | qemu | < qemu 1:7.0+dfsg-1 (bookworm) | qemu 1:7.0+dfsg-1 (bookworm) |
| msrc | azl3_qemu_6.2.0-18_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qemu_6.2.0-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-41_on_cbl_mariner_1.0 | — | — |
| qemu | qemu | < 7.0.0 | 7.0.0 |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 1:5.2+dfsg-11+deb11u2 | 1:5.2+dfsg-11+deb11u2 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.40 | 1:2.11+dfsg-1ubuntu7.40 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.23 | 1:4.2-3ubuntu6.23 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.2 | 1:6.2+dfsg-2ubuntu6.2 |
| redhat | enterprise_linux | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| osv | — | 8.2 | HIGH | — |
Ubuntu
QEMU vulnerabilities
Source: vendor_ubuntu · Published: 2022-06-21 · CVSS 6.1
CVE-2022-26354 [MEDIUM] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. (CVE-2021-3507)

It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)

It was discovered that QEMU incorrectly handled QXL display device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-4206)
Microsoft
CVE-2021-4206 [HIGH] CWE-190: A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow.
Source: vendor_msrc · Published: 2022-04-12 · CVSS 8.2
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpar
Red Hat
QEMU: QXL: integer overflow in cursor_alloc() can lead to heap buffer overflow
Source: vendor_redhat · Published: 2022-03-28 · CVSS 8.2
CVE-2021-4206 [HIGH] CWE-190
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Debian
CVE-2021-4206: qemu - A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow.
Source: vendor_debian · Published: 2021 · CVSS 8.2
CVE-2021-4206 [HIGH]
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
Scope: local
bookworm: resolved (fixed in 1:7.0+dfsg-1)
bullseye: resolved (fixed in 1:5.2+dfsg-11+deb11u2)
forky: resolved (fixed in 1:7.0+dfsg-1)
sid: resolved (fixed in 1:7.0+dfsg-1)
trixie: resolved (fixed in 1:7.0+dfsg-1)
OSV
qemu vulnerabilities
Source: osv · Published: 2022-06-21 · CVSS 6.1
CVE-2021-3507 [MEDIUM]
Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. (CVE-2021-3507)

It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)

It was discovered that QEMU incorrectly handled QXL display device emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-4206)
GHSA
GHSA-rxh4-5vqx-xjq8: A flaw was found in the QXL display device emulation in QEMU
Source: ghsa_unreviewed · Published: 2022-04-30
CVE-2021-4206 [HIGH] CWE-190
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
OSV
CVE-2021-4206: A flaw was found in the QXL display device emulation in QEMU
Source: osv · Published: 2022-04-29 · CVSS 8.2
CVE-2021-4206 [HIGH]
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2036998
- https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html
- https://security.gentoo.org/glsa/202208-27
- https://security.netapp.com/advisory/ntap-20250321-0010/
- https://starlabs.sg/advisories/21-4206/
- https://www.debian.org/security/2022/dsa-5133
Published: 2022-04-29