Gerd Hoffmann

**Nome do software vulnerável e versões afetadas** QEMU (versões afetadas não especificadas) **Descrição** Foi identificada uma vulnerabilidade de liberação dupla nos dispositivos virtio do QEMU, incluindo virtio-gpu, virtio-serial-bus e virtio-crypto. O sinalizador mem reentrancy guard não oferece proteção suficiente contra problemas de reentrância de DMA, o que poderia permitir que um usuário convidado mal-intencionado com privilégios causasse a falha do processo QEMU no host, resultando em uma negação de serviço ou permitindo a execução de código arbitrário no contexto do processo QEMU no host. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.8 **Description** The issue is related to an out-of-bounds access problem that could occur while copying VGA data in the `cirrus bitblt cputovideo` function. A privileged user inside the guest could potentially use this flaw to crash the QEMU process or execute arbitrary code on the host with the privileges of the QEMU process. **Recommendations** For QEMU versions prior to 2.8, update to version 2.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.4.0.1 **Description** The issue is related to a buffer overflow in the `vnc refresh server surface` function within the VNC display driver. This allows guest users to potentially cause a denial of service, resulting in heap memory corruption and a process crash, or possibly execute arbitrary code on the host. The issue is related to the refreshing of the server display surface. **Recommendations** For QEMU versions prior to 2.4.0.1, update to version 2.4.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the VNC display driver until a patch is available. Restrict access to the VNC display driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue allows local guest users to gain privileges by writing to QEMU memory locations. This is related to rectangle handling in the vmware-vga driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen hypervisor block backend driver for Linux kernel version 2.6.18 **Description** The issue allows local privileged users in a 32-bit paravirtualized guest OS to cause a denial of service, resulting in a crash of the host OS, which is 64-bit. This is achieved by sending a request that specifies a large number of blocks. **Recommendations** For Linux kernel version 2.6.18, consider restricting access to the block backend driver to minimize the risk of exploitation until a patch is available.