P J P

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue is related to an integer overflow in the VGA module, allowing local guest OS users to cause a denial of service. This can be achieved by editing VGA registers in VBE mode, resulting in an out-of-bounds read and a crash of the QEMU process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.4.0.1 Arista (affected versions not specified) **Description** The issue allows attackers to cause a denial of service or possibly execute arbitrary code via vectors related to receiving packets. This is related to the `ne2000 receive` function in `hw/net/ne2000.c`. **Recommendations** For QEMU versions prior to 2.4.0.1, update to version 2.4.0.1 or later to resolve the issue. For Arista, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 2.4.0.1 **Description** A flaw in the QEMU-emulated e1000 network interface card allows attackers to cause a denial of service, resulting in an infinite loop and guest crash, when sending a network packet. This issue can be exploited by a privileged guest user to crash the guest. **Recommendations** For versions prior to 2.4.0.1, update to version 2.4.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `process tx desc` function in the `hw/net/e1000.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.18.1 ALT Linux (affected versions not specified) **Description** The issue is related to the rock continue function in fs/isofs/rock.c, which does not properly restrict the number of Rock Ridge continuation entries. This allows local users to cause a denial of service, potentially leading to an infinite loop, and system crash or hang, via a crafted iso9660 image. **Recommendations** For Linux kernel versions prior to 3.18.1, update to version 3.18.1 or later to resolve the issue. For ALT Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.