Gaoning Pan

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring, allowing a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference flaw in the Linux kernel's KVM module. This flaw can lead to a denial of service in the `x86 emulate insn` function in `arch/x86/kvm/emulate.c`. The flaw occurs when an illegal instruction is executed in a guest on an Intel CPU. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel versions prior to the fixed version **Description** The issue is related to a NULL pointer dereference in the KVM subsystem of the Linux kernel, specifically in the `kvm dirty ring push` function. This flaw can be exploited by an unprivileged local attacker on the host to cause a denial of service by issuing specific ioctl calls, resulting in a kernel oops condition. **Recommendations** For Linux Kernel versions prior to the fixed version, consider disabling the dirty ring support as a temporary workaround until a patch is available. Restrict access to the vulnerable `kvm dirty ring push` function to minimize the risk of exploitation. Avoid using specific ioctl calls that can cause a kernel oops condition until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel versions prior to the fixed version **Description** A flaw was found in the Kernel-based Virtual Machine (KVM) subsystem of the Linux kernel. The issue is related to the `get user pages fast()` function and involves writing data outside the buffer in memory. This flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. The `vaddr` and `vm pgoff` variables are controllable by user-mode processes, which can be exploited to cause the issue. **Recommendations** For Linux Kernel versions prior to the fixed version, consider updating to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the KVM subsystem to minimize the risk of exploitation. Avoid using the `get user pages fast()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw in the Linux kernel's KVM allows a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This issue enables an unprivileged local attacker on the host to issue specific ioctl calls, resulting in a kernel oops condition that causes a denial of service. The vulnerability is related to errors in pointer dereferencing in the kvm irq delivery to apic fast() function of the Kernel-based Virtual Machine (KVM) subsystem. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue is related to a NULL pointer dereference flaw in the floppy disk emulator of QEMU. This flaw occurs when processing read/write `ioport` commands if the selected floppy drive is not initialized with a block device. It allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this issue is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions up to v5.2.0 **Description** An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU. This issue may occur if a guest supplies invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a Denial of Service (DoS) scenario. **Recommendations** For QEMU versions up to v5.2.0, update to a version later than v5.2.0 to resolve the issue. As a temporary workaround, consider restricting the ability of guest users to supply invalid values for NIC parameters to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.18 Description: The issue exists due to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to cause a denial of service, resulting in a hang or frequently repeatable crash of Oracle VM VirtualBox. A high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox. Recommendations: For versions prior to 6.1.18, update to version 6.1.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.18 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. **Recommendations** For versions prior to 6.1.18, update to version 6.1.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.18 **Description** The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. **Recommendations** For versions prior to 6.1.18, update to version 6.1.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.18 **Description** The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon access to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox, potentially impacting additional products. **Recommendations** For versions prior to 6.1.18, update to version 6.1.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.18 **Description** The issue is related to insufficient access control in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with logon access to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in the takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** For versions prior to 6.1.18, update to version 6.1.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QEMU version 4.2.1 **Description** The issue is related to incorrect calculations in the `ati 2d blt` function within the `hw/display/ati 2d.c` file of the QEMU emulator. This can lead to an outside-limits situation in a calculation, allowing a remote attacker to cause a denial of service. A guest can potentially crash the QEMU process. **Recommendations** For QEMU version 4.2.1, consider disabling the `ati 2d blt` function in the `hw/display/ati 2d.c` file as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the `hw/display/ati 2d.c` module to minimize the risk of crashing the QEMU process. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.16 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, which can be exploited to cause a denial of service. A low-privileged attacker with login access to the infrastructure where Oracle VM VirtualBox is running can compromise the system, resulting in the ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox. **Recommendations** For versions prior to 6.1.16, update to version 6.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 6.1.16 Description: The issue is related to inadequate access control in the Core component of Oracle VM VirtualBox, allowing a highly privileged attacker with login access to the infrastructure where Oracle VM VirtualBox is executed to compromise it. Although the vulnerability is in Oracle VM VirtualBox, successful attacks can significantly impact additional products, potentially resulting in the takeover of Oracle VM VirtualBox. Recommendations: For versions prior to 6.1.16, update to version 6.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation. Additionally, ensure that only highly privileged and trusted users have login access to the infrastructure where Oracle VM VirtualBox is executed.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to pointer dereference errors in the Linux kernel. It allows an attacker to access confidential data, compromise its integrity, and cause a denial of service. Specifically, with shadow paging enabled, the INVPCID instruction results in a call to `kvm mmu invpcid gva`. If INVPCID is executed with CR0.PG=0, the `invlpg` callback is not set, leading to a NULL pointer dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.