Donghai Zdh

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue concerns the `patch instruction` function in `hw/i386/kvmvapic.c` which does not initialize the `imm32` variable. This allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue is related to the cpu physical memory write rom internal function in exec.c, which does not properly skip MMIO regions. This allows local privileged guest users to cause a denial of service, resulting in a guest crash, via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.4 **Description** The issue concerns the `fw cfg write` and `fw cfg read` functions in QEMU, which can be exploited by guest OS users with the `CAP SYS RAWIO` privilege to cause a denial of service, including out-of-bounds read or write access and process crash, or possibly execute arbitrary code. This is achieved by providing an invalid current entry value in a firmware configuration. **Recommendations** For QEMU versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Firmware Configuration device emulation support to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QEMU versions 1.6.0 through 2.3.1 **Description** The issue is related to an OOB r/w access problem that could occur while doing pci dma read/write calls. This is due to QEMU's use of 'address space translate' to map an address to a MemoryRegionSection. A privileged user inside the guest could exploit this to crash the guest instance, resulting in a denial of service. **Recommendations** For QEMU versions 1.6.0 through 2.3.1, update to a version that contains a fix for this issue to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.