exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2016-4020

Status Candidate

Overview

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Related Files

Red Hat Security Advisory 2017-2408-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2408-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator built with Network Block Device Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client that was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-10155, CVE-2016-4020, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-5579, CVE-2017-5973, CVE-2017-6414, CVE-2017-8309, CVE-2017-8379, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375, CVE-2017-9524
MD5 | 43453dd199302989251381bee4c45dba
Red Hat Security Advisory 2017-2392-01
Posted Aug 2, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2392-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. The following packages have been upgraded to a later upstream version: qemu-kvm-rhev. Security Fix: A stack buffer overflow flaw was found in the Quick Emulator built with the Network Block Device client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-10155, CVE-2016-4020, CVE-2016-6835, CVE-2016-6888, CVE-2016-7422, CVE-2016-7466, CVE-2016-8576, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2630, CVE-2017-5579, CVE-2017-5898, CVE-2017-5973, CVE-2017-9310, CVE-2017-9373, CVE-2017-9374, CVE-2017-9375
MD5 | 7b9de3483b6b1af562846fd2a740e94b
Red Hat Security Advisory 2017-1856-01
Posted Aug 1, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1856-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: An out-of-bounds memory access issue was found in Quick Emulator in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2016-4020, CVE-2017-2633, CVE-2017-5898
MD5 | 87417922356d82cce6315bf8801ef622
Gentoo Linux Security Advisory 201609-01
Posted Sep 26, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201609-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.7.0-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2016-2841, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454, CVE-2016-4964, CVE-2016-5106, CVE-2016-5107, CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338, CVE-2016-6490, CVE-2016-6833, CVE-2016-6834, CVE-2016-6836, CVE-2016-6888, CVE-2016-7116, CVE-2016-7156, CVE-2016-7157, CVE-2016-7422
MD5 | ebe58a2d5f3e8c87ab5780e9f493bd42
Ubuntu Security Notice USN-2974-1
Posted May 12, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2974-1 - Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Qinghao Tang discovered that QEMU incorrectly handled USB Net emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak host memory bytes. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2391, CVE-2016-2392, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037
MD5 | c2708302081e86ba5d1224f981e5cb22
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close