Michael S. Tsirkin

6 exploits Active since Feb 2013
CVE-2021-4158 WRITEUP MEDIUM WRITEUP
QEMU 6.0.0-6.99 - Denial of Service via ACPI NULL Pointer Dereference
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
CVSS 6.0
CVE-2013-0311 WRITEUP WRITEUP
Linux kernel <3.7 - Privilege Escalation
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.
CVE-2013-4127 WRITEUP WRITEUP
Linux Kernel < 3.10.3 - Use-After-Free in vhost_net_set_backend
Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.
CVE-2015-5745 WRITEUP MEDIUM WRITEUP
QEMU < 2.4.0 - Denial of Service via Virtio Serial Bus Control Message
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
CVSS 6.5
CVE-2015-6252 WRITEUP WRITEUP
Linux Kernel < 4.1.4 - Denial of Service via VHOST_SET_LOG_FD Ioctl
The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.
CVE-2017-8067 WRITEUP HIGH WRITEUP
Linux Kernel 4.9-4.9.23 - Out-of-bounds Write in virtio_console
drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
CVSS 7.8