The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HQemu
APPQemu≤ 7.0.0
Powiązane podatności
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attack...
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows ...
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer ...
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers...
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is ...