Gerd Hoffmann

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A double free vulnerability was found in QEMU virtio devices, including virtio-gpu, virtio-serial-bus, and virtio-crypto. The mem reentrancy guard flag does not sufficiently protect against DMA reentrancy issues, which could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.8 **Description** The issue is related to an out-of-bounds access problem that could occur while copying VGA data in the `cirrus bitblt cputovideo` function. A privileged user inside the guest could potentially use this flaw to crash the QEMU process or execute arbitrary code on the host with the privileges of the QEMU process. **Recommendations** For QEMU versions prior to 2.8, update to version 2.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.4.0.1 **Description** The issue is related to a buffer overflow in the `vnc refresh server surface` function within the VNC display driver. This allows guest users to potentially cause a denial of service, resulting in heap memory corruption and a process crash, or possibly execute arbitrary code on the host. The issue is related to the refreshing of the server display surface. **Recommendations** For QEMU versions prior to 2.4.0.1, update to version 2.4.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the VNC display driver until a patch is available. Restrict access to the VNC display driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue allows local guest users to gain privileges by writing to QEMU memory locations. This is related to rectangle handling in the vmware-vga driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xen hypervisor block backend driver for Linux kernel version 2.6.18 **Description** The issue allows local privileged users in a 32-bit paravirtualized guest OS to cause a denial of service, resulting in a crash of the host OS, which is 64-bit. This is achieved by sending a request that specifies a large number of blocks. **Recommendations** For Linux kernel version 2.6.18, consider restricting access to the block backend driver to minimize the risk of exploitation until a patch is available.