Debian Qemu vulnerabilities
446 known vulnerabilities affecting debian/qemu.
Total CVEs: 446
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 87, MEDIUM 228, LOW 120, UNKNOWN 1
Vulnerabilities
Page 12 of 23
CVE-2017-9375 | MEDIUM | CVSS 5.5 | fixed in qemu 1:2.10.0-1 (bookworm) | 2017
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
Scope: local
bookworm: resolved (fixed in 1:2.10.0-1)
bullseye: resolved (fixed in 1:2.10.0-1)
forky: resolved (fixed in 1:2.10.0-1)
debian
CVE-2017-5525 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-2 (bookworm) | 2017
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-2)
bullseye: resolved (fixed in 1:2.8+dfsg-2)
forky: resolved (fixed in 1:2.8+dfsg-2)
sid: re
debian
CVE-2017-5579 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-3 (bookworm) | 2017
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-3)
bullseye: resolved (fixed in 1:2.8+dfsg-3)
forky: resolv
debian
CVE-2017-18043 | MEDIUM | CVSS 5.5 | fixed in qemu 1:2.10.0+dfsg-2 (bookworm) | 2017
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
Scope: local
bookworm: resolved (fixed in 1:2.10.0+dfsg-2)
bullseye: resolved (fixed in 1:2.10.0+dfsg-2)
forky: resolved (fixed in 1:2.10.0+dfsg-2)
sid: resolved (fixed in 1:2.10.0+dfsg-2)
trixie: resolved (fixed in 1:2.10.0+dfsg-2)
debian
CVE-2017-8086 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-5 (bookworm) | 2017
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-5)
bullseye: resolved (fixed in 1:2.8+dfsg-5)
forky: resolved (fixed in 1:2.8+dfsg-5)
s
debian
CVE-2017-17381 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.11+dfsg-1 (bookworm) | 2017
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
Scope: local
bookworm: resolved (fixed in 1:2.11+dfsg-1)
bullseye: resolved (fixed in 1:2.11+dfsg-1)
forky: resolved (fixed in 1:2.11+dfsg-1)
sid: resolved (fixed in 1:
debian
CVE-2017-10806 | MEDIUM | CVSS 5.5 | fixed in qemu 1:2.8+dfsg-7 (bookworm) | 2017
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-7)
bullseye: resolved (fixed in 1:2.8+dfsg-7)
forky: resolved (fixed in 1:2.8+dfsg-7)
sid: resolved (fixed in 1:2
debian
CVE-2017-5973 | MEDIUM | CVSS 5.5 | fixed in qemu 1:2.8+dfsg-3 (bookworm) | 2017
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-3)
bullseye: resolved (fixed in 1:2.8+dfsg-3)
forky: resolved (fixed in
debian
CVE-2017-9330 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-7 (bookworm) | 2017
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-7)
bullseye: resolved (fixed in 1:2.8+dfsg-7)
forky: resolved (fixed i
debian
CVE-2017-7377 | MEDIUM | CVSS 6.0 | fixed in qemu 1:2.8+dfsg-4 (bookworm) | 2017
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-4)
bullseye: resolved (fixed in 1:2.8+dfsg-4)
forky: resolved (fixed
debian
CVE-2017-6505 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-4 (bookworm) | 2017
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-4)
bullseye: resolved (fixed in 1:
debian
CVE-2017-12809 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.10.0-1 (bookworm) | 2017
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
Scope: local
bookworm: resolved (fixed in 1:2.10.0-1)
bullseye: resolved (fixed in 1:2.10.0-1)
forky: resolved (fixed in
debian
CVE-2017-7718 | MEDIUM | CVSS 5.5 | fixed in qemu 1:2.8+dfsg-4 (bookworm) | 2017
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-4)
bullseye: resolved (fixed in 1
debian
CVE-2017-9374 | MEDIUM | CVSS 5.5 | fixed in qemu 1:2.8+dfsg-7 (bookworm) | 2017
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-7)
bullseye: resolved (fixed in 1:2.8+dfsg-7)
forky: resolved (fixed in 1:2.8+dfsg-7)
sid: resolved (f
debian
CVE-2017-5667 | MEDIUM | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-3 (bookworm) | 2017
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-3)
bullseye: resolved (fixed
debian
CVE-2017-5715 | MEDIUM | CVSS 5.6 | PoC | fixed in amd64-microcode 3.20180515.1 (bookworm) | 2017
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Scope: local
bookworm: resolved (fixed in 3.20180515.1)
bullseye: resolved (fixed in 3.20180515.1)
forky: resolved (fixed in 3.20180515.1)
sid: resolved
debian
CVE-2017-15038 | MEDIUM | CVSS 5.6 | fixed in qemu 1:2.10.0+dfsg-2 (bookworm) | 2017
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
Scope: local
bookworm: resolved (fixed in 1:2.10.0+dfsg-2)
bullseye: resolved (fixed in 1:2.10.0+dfsg-2)
forky: resolved (fixed in 1:2.10.0+dfsg
debian
CVE-2017-9503 | LOW | CVSS 5.5 | fixed in qemu 1:2.10.0-1 (bookworm) | 2017
CVE-2017-9503 [MEDIUM] CVE-2017-9503: qemu - QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter...
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
Scope: local
bookworm: resolved (fixed in 1:2.10.0-1)
bullseye: resolved (fixed in 1:2.10.0-1)
forky: r
debian
CVE-2017-5857 | LOW | CVSS 6.5 | fixed in qemu 1:2.8+dfsg-3 (bookworm) | 2017
CVE-2017-5857 [MEDIUM] CVE-2017-5857: qemu - Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d...
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
Scope: local
bookworm: resolved (fixed in 1:2.8+dfsg-3)
bull
debian
CVE-2017-2615 | LOW | CVSS 5.5 | fixed in qemu 1:2.8+dfsg-3 (bookworm) | 2017
CVE-2017-2615 [MEDIUM] CVE-2017-2615: qemu - Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vu...
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU proces
debian