Debian Qemu vulnerabilities
446 known vulnerabilities affecting debian/qemu.
Total CVEs: 446
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 87, MEDIUM 228, LOW 120, UNKNOWN 1
Vulnerabilities
Page 18 of 23
CVE-2015-7504 [HIGH] CVSS 8.8, fixed in qemu 1:2.5+dfsg-1 (bookworm), 2015
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-1)
bullseye: resolved (fixed in 1:2.5+dfsg-1)
forky: resolved (fixed in 1:2.5+dfsg-
CVE-2015-8567 [HIGH] CVSS 7.7, fixed in qemu 1:2.5+dfsg-3 (bookworm), 2015
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-3)
bullseye: resolved (fixed in 1:2.5+dfsg-3)
forky: resolved (fixed in 1:2.5+dfsg-3)
sid: resolved (fixed in 1:2.5+dfsg-3)
trixie: resolved (fixed in 1:2.5+dfsg-3)
CVE-2015-1779 [HIGH] CVSS 8.6, fixed in qemu 1:2.3+dfsg-1 (bookworm), 2015
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
Scope: local
bookworm: resolved (fixed in 1:2.3+dfsg-1)
bullseye: resolved (fixed in 1:2.3+dfsg-1)
forky: resolved (fixed in 1:2.3+dfsg-1)
sid: resolved (fixed in 1:2.3+dfsg-1)
trixie: res
CVE-2015-8666 [HIGH] CVSS 7.9, fixed in qemu 1:2.5+dfsg-1 (bookworm), 2015
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-1)
bullseye: resolved (fixed in 1:2.5+dfsg-1)
forky: resolved (fixed in 1:2.5+dfsg-1)
sid: resolved (fixed in 1:2.5+dfsg-1)
trixie: resolved (fixed in 1:2.5+dfsg-1)
CVE-2015-5166 [HIGH] CVSS 7.2, fixed in qemu 1:2.4+dfsg-1a (bookworm), 2015
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-1a)
bullseye: resolved (fixed in 1:2.4+dfsg-1a)
forky: resolved (fixed in 1:2.4+dfsg-1a)
sid: resolved (fixed in 1:2.
CVE-2015-4104 [HIGH] CVSS 7.8, fixed in qemu 1:2.3+dfsg-5 (bookworm), 2015
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 1:2.3+dfsg-5)
bullseye: resolved (fixed in 1:2.3+dfsg-5)
forky: resolved (fixed in 1:2.3+dfsg-5)
sid: resolved (fixed in
CVE-2015-5225 [HIGH] CVSS 7.2, fixed in qemu 1:2.4+dfsg-1a (bookworm), 2015
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg
CVE-2015-5279 [HIGH] CVSS 7.2, fixed in qemu 1:2.4+dfsg-3 (bookworm), 2015
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-3)
bullseye: resolved (fixed in 1:2.4+dfsg-3)
forky: resolved (fixed in 1:2
CVE-2015-8619 [HIGH] CVSS 7.5, fixed in qemu 1:2.5+dfsg-5 (bookworm), 2015
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-5)
bullseye: resolved (fixed in 1:2.5+dfsg-5)
forky: resolved (fixed in 1:2.5+dfsg-5)
sid: resolved (fixed in 1:2.5+dfsg-5)
trixie: resolved (fixed in 1:2.5+dfsg-5)
CVE-2015-6855 [HIGH] CVSS 7.5, fixed in qemu 1:2.4+dfsg-2 (bookworm), 2015
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
Scope: local
bookworm: resolved (f
CVE-2015-8550 [HIGH] CVSS 8.2, fixed in linux 4.3.3-3 (bookworm), 2015
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
Scope: local
bookworm: resolved (fixed in 4.3.3-3)
bullseye: resolved (fixed in 4.3.3-3)
forky: resolved (fixed in 4.3.3-3)
s
CVE-2015-8818 [MEDIUM] CVSS 5.5, fixed in qemu 1:2.4+dfsg-1a (bookworm), 2015
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-1a)
bullseye: resolved (fixed in 1:2.4+dfsg-1a)
forky: resolved (fixed in 1:2.4+
CVE-2015-8745 [MEDIUM] CVSS 5.5, fixed in qemu 1:2.5+dfsg-1 (bookworm), 2015
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-1)
bullseye: resolved (fixe
CVE-2015-4103 [MEDIUM] CVSS 4.9, fixed in qemu 1:2.3+dfsg-5 (bookworm), 2015
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
Scope: local
bookworm: resolved (fixed in 1:2.3+dfsg-5)
bullseye: resolved (fixed in 1:2.3
CVE-2015-7549 [MEDIUM] CVSS 6.0, fixed in qemu 1:2.5+dfsg-1 (bookworm), 2015
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-1)
bullseye: resolved (fixed in 1:2.5+dfsg-1)
forky: resolved (fixed in 1:2.5+df
CVE-2015-8504 [MEDIUM] CVSS 6.5, fixed in qemu 1:2.5+dfsg-1 (bookworm), 2015
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-1)
bullseye: resolved (fixed in 1:2.5+dfsg-1)
forky: resolved (fixed in 1:2.5+dfsg-1)
sid: resolved (fixed in 1:2.5+dfs
CVE-2015-5158 [MEDIUM] CVSS 5.5, fixed in qemu 1:2.4+dfsg-1a (bookworm), 2015
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-1a)
bullseye: resolved (fixed in 1:2.4+dfsg-1a)
forky:
CVE-2015-8558 [MEDIUM] CVSS 5.5, fixed in qemu 1:2.5+dfsg-2 (bookworm), 2015
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
Scope: local
bookworm: resolved (fixed in 1:2.5+dfsg-2)
bullseye: resolved (fixed in 1:2.5+dfsg-2)
forky: resolved (fixed in 1:2.5+dfsg-2)
sid: resolve
CVE-2015-5278 [MEDIUM] CVSS 6.5, fixed in qemu 1:2.4+dfsg-3 (bookworm), 2015
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-3)
bullseye: resolved (fixed in 1:2.4+dfsg-3)
forky: resolved (fixed in 1:2.4+dfsg-3)
sid:
CVE-2015-2756 [MEDIUM] CVSS 4.9, fixed in qemu 1:2.3+dfsg-3 (bookworm), 2015
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
Sco