CVE-2021-3544

Related Files

Gentoo Linux Security Advisory 202208-27

Posted Aug 15, 2022

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-27 - Multiple vulnerabilities have been discovered in QEMU, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 7.0.0 are affected.

tags | advisory, remote, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2020-15859, CVE-2020-15863, CVE-2020-16092, CVE-2020-35504, CVE-2020-35505, CVE-2020-35506, CVE-2020-35517, CVE-2021-20203, CVE-2021-20257, CVE-2021-20263, CVE-2021-3409, CVE-2021-3416, CVE-2021-3527, CVE-2021-3544

SHA-256 | ad311203dff6a2553339d7456d04215ce76124a29b19165d124b263667c89b9c

Download | Favorite | View

Debian Security Advisory 4980-1

Posted Oct 28, 2021

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4980-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the the execution of arbitrary code.

tags | advisory, denial of service, arbitrary

systems | linux, debian

advisories | CVE-2021-3544, CVE-2021-3545, CVE-2021-3546, CVE-2021-3638, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748

SHA-256 | ddc750d896a05a7739ac3c32ccc088274d91a7af3ee492e2f13ec7ec5e11244b

Download | Favorite | View

Lexmark Driver Privilege Escalation

Posted Aug 12, 2021

Authored by Jacob Baines, Shelby Pace, Grant Willcox | Site metasploit.com

Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenticated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\<driver name>\Universal Color Laser.gdl to replace the DLL path to unires.dll with a malicious DLL path. When C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs is then used to add the printer to the affected system, PrintIsolationHost.exe, a Windows process running as NT AUTHORITY\SYSTEM, will inspect the C:\ProgramData\<driver name>\Universal Color Laser.gdl file and will load the malicious DLL from the path specified in the file. This which will result in the malicious DLL executing as NT AUTHORITY\SYSTEM. Once this module is finished, it will use the prnmngr.vbs script to remove the printer it added.

tags | exploit

systems | windows

advisories | CVE-2021-35449

SHA-256 | db241e26cf8e485cbeaa7d359e18c68f4083f5cbe8615e284394323a682200d8

Download | Favorite | View

Ubuntu Security Notice USN-5010-1

Posted Jul 15, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5010-1 - Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.04. Various other issues were also addressed.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2020-15469, CVE-2020-29443, CVE-2020-35505, CVE-2020-35517, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3409, CVE-2021-3416, CVE-2021-3527, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3608

SHA-256 | c4d63dc41ceb7caa0f49a3eacc4d8caaa17252efd4913df4a83ba610c5446f40

Download | Favorite | View