FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
405446f4-b1b3-11e5-9728-002590263bf5 | qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the AMD PC-Net II Ethernet Controller support is vulnerable to a heap buffer overflow flaw. While receiving packets in the loopback mode, it appends CRC code to the receive buffer. If the data size given is same as the receive buffer size, the appended CRC code overwrites 4 bytes beyond this 's->buffer' array.

A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host.

The AMD PC-Net II emulator(hw/net/pcnet.c), while receiving packets from a remote host(non-loopback mode), fails to validate the received data size, thus resulting in a buffer overflow issue. It could potentially lead to arbitrary code execution on the host, with privileges of the Qemu process. It requires the guest NIC to have larger MTU limit.

A remote user could use this flaw to crash the guest instance resulting in DoS or potentially execute arbitrary code on a remote host with privileges of the Qemu process.


Discovery 2015-11-30
Entry 2016-01-03
Modified 2016-01-06
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20151224

xen-tools
< 4.5.2_1

CVE-2015-7504
CVE-2015-7512
http://www.openwall.com/lists/oss-security/2015/11/30/2
http://www.openwall.com/lists/oss-security/2015/11/30/3
http://git.qemu.org/?p=qemu.git;a=commit;h=837f21aacf5a714c23ddaadbbc5212f9b661e3f7
http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f2ec56343
https://github.com/seanbruno/qemu-bsd-user/commit/837f21aacf5a714c23ddaadbbc5212f9b661e3f7
https://github.com/seanbruno/qemu-bsd-user/commit/8b98a2f07175d46c3f7217639bd5e03f2ec56343
http://xenbits.xen.org/xsa/advisory-162.html
152acff3-b1bd-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in Q35 chipset emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more(16 bytes) data is moved into allocated (8 bytes) memory area.

A privileged guest user could use this issue to corrupt the VM guest image, potentially leading to a DoS. This issue affects q35 machine types.


Discovery 2015-11-19
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
< 2.5.50

qemu-sbruno
qemu-user-static
< 2.5.50.g20151224

CVE-2015-8666
http://www.openwall.com/lists/oss-security/2015/12/24/1
http://git.qemu.org/?p=qemu.git;a=commit;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
https://github.com/seanbruno/qemu-bsd-user/commit/d9a3b33d2c9f996537b7f1d0246dee2d0120cefb
9ad8993e-b1ba-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a memory leakage flaw. It occurs when a guest repeatedly tries to activate the vmxnet3 device.

A privileged guest user could use this flaw to leak host memory, resulting in DoS on the host.


Discovery 2015-12-15
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20160213

CVE-2015-8567
CVE-2015-8568
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/15/4
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
http://git.qemu.org/?p=qemu.git;a=commit;h=aa4a3dce1c88ed51b616806b8214b7c8428b7470
https://github.com/seanbruno/qemu-bsd-user/commit/aa4a3dce1c88ed51b616806b8214b7c8428b7470
3fb06284-b1b7-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in MSI-X support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the PCI MSI-X support is vulnerable to a null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array (PBA) memory region, because the MSI-X MMIO support did not define the .write method.

A privileged user inside guest could use this flaw to crash the Qemu process resulting in DoS issue.


Discovery 2015-06-26
Entry 2016-01-03
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20151224

CVE-2015-7549
http://www.openwall.com/lists/oss-security/2015/12/14/2
http://git.qemu.org/?p=qemu.git;a=commit;h=43b11a91dd861a946b231b89b7542856ade23d1b
https://github.com/seanbruno/qemu-bsd-user/commit/43b11a91dd861a946b231b89b7542856ade23d1b
1384f2fd-b1be-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in Rocker switch emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit(tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments.

A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the Qemu process instance resulting in DoS issue.


Discovery 2015-12-28
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
< 2.5.50

qemu-sbruno
qemu-user-static
< 2.5.50.g20160213

CVE-2015-8701
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/28/6
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html
http://git.qemu.org/?p=qemu.git;a=commit;h=007cd223de527b5f41278f2d886c1a4beb3e67aa
https://github.com/seanbruno/qemu-bsd-user/commit/007cd223de527b5f41278f2d886c1a4beb3e67aa
b3f9f8ef-b1bb-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in MegaRAID SAS HBA emulation

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the SCSI MegaRAID SAS HBA emulation support is vulnerable to a stack buffer overflow issue. It occurs while processing the SCSI controller's CTRL_GET_INFO command. A privileged guest user could use this flaw to crash the Qemu process instance resulting in DoS.


Discovery 2015-12-21
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20160213

CVE-2015-8613
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/21/7
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
http://git.qemu.org/?p=qemu.git;a=commit;h=36fef36b91f7ec0435215860f1458b5342ce2811
https://github.com/seanbruno/qemu-bsd-user/commit/36fef36b91f7ec0435215860f1458b5342ce2811
67feba97-b1b5-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in VNC

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the VNC display driver support is vulnerable to an arithmetic exception flaw. It occurs on the VNC server side while processing the 'SetPixelFormat' messages from a client.

A privileged remote client could use this flaw to crash the guest resulting in DoS.


Discovery 2015-12-08
Entry 2016-01-03
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20151224

CVE-2015-8504
http://www.openwall.com/lists/oss-security/2015/12/08/4
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3
https://github.com/seanbruno/qemu-bsd-user/commit/4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3
b56fe6bb-b1b1-11e5-9728-002590263bf5 | qemu -- denial of service vulnerabilities in eepro100 NIC support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the i8255x (PRO100) emulation support is vulnerable to an infinite loop issue. It could occur while processing a chain of commands located in the Command Block List (CBL). Each Command Block(CB) points to the next command in the list. An infinite loop unfolds if the link to the next CB points to the same block or there is a closed loop in the chain.

A privileged(CAP_SYS_RAWIO) user inside guest could use this flaw to crash the Qemu instance resulting in DoS.


Discovery 2015-10-16
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
< 2.5.50

qemu-sbruno
qemu-user-static
< 2.5.50.g20160213

CVE-2015-8345
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/11/25/3
https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
http://git.qemu.org/?p=qemu.git;a=commit;h=00837731d254908a841d69298a4f9f077babaf24
https://github.com/seanbruno/qemu-bsd-user/commit/00837731d254908a841d69298a4f9f077babaf24
62ab8707-b1bc-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in Human Monitor Interface support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Human Monitor Interface(HMP) support is vulnerable to an OOB write issue. It occurs while processing 'sendkey' command in hmp_sendkey routine, if the command argument is longer than the 'keyname_buf' buffer size.

A user/process could use this flaw to crash the Qemu process instance resulting in DoS.


Discovery 2015-12-23
Entry 2016-01-03
Modified 2016-07-06
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20160213

CVE-2015-8619
ports/205813
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/22/8
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
http://git.qemu.org/?p=qemu.git;a=commit;h=64ffbe04eaafebf4045a3ace52a360c14959d196
https://github.com/seanbruno/qemu-bsd-user/commit/64ffbe04eaafebf4045a3ace52a360c14959d196
60cb2055-b1b8-11e5-9728-002590263bf5 | qemu -- denial of service vulnerability in USB EHCI emulation support

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interface (EHCI) and a respective device driver. These two communicate via an isochronous transfer descriptor list (iTD) and an infinite loop unfolds if there is a closed loop in this list.

A privileged user inside guest could use this flaw to consume excessive CPU cycles & resources on the host.


Discovery 2015-12-14
Entry 2016-01-03
qemu
qemu-devel
< 2.5.0

qemu-sbruno
qemu-user-static
< 2.5.50.g20151224

CVE-2015-8558
ports/205814
http://www.openwall.com/lists/oss-security/2015/12/14/9
http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
https://github.com/seanbruno/qemu-bsd-user/commit/156a2e4dbffa85997636a7a39ef12da6f1b40254