Filtered by vendor Qemu
Subscriptions
Filtered by product Qemu
Subscriptions
Total
414 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-8669 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2024-11-21 | 6.0 Medium |
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. | ||||
CVE-2016-8668 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-11-21 | 6.0 Medium |
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size. | ||||
CVE-2016-8667 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-11-21 | 6.0 Medium |
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value. | ||||
CVE-2016-8578 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-11-21 | 6.0 Medium |
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. | ||||
CVE-2016-8577 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-11-21 | 6.0 Medium |
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. | ||||
CVE-2016-8576 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2024-11-21 | 6.0 Medium |
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | ||||
CVE-2016-7995 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-11-21 | 6.0 Medium |
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes. | ||||
CVE-2016-7994 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-11-21 | 6.0 Medium |
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands. | ||||
CVE-2016-7909 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 4.4 Medium |
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. | ||||
CVE-2016-7908 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 4.4 Medium |
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | ||||
CVE-2016-7907 | 1 Qemu | 1 Qemu | 2024-11-21 | 4.4 Medium |
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | ||||
CVE-2016-7466 | 3 Opensuse, Qemu, Redhat | 5 Leap, Qemu, Enterprise Linux and 2 more | 2024-11-21 | 6.0 Medium |
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. | ||||
CVE-2016-7423 | 1 Qemu | 1 Qemu | 2024-11-21 | 4.4 Medium |
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects. | ||||
CVE-2016-7422 | 3 Opensuse, Qemu, Redhat | 5 Leap, Qemu, Enterprise Linux and 2 more | 2024-11-21 | 6.0 Medium |
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. | ||||
CVE-2016-7421 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 4.4 Medium |
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size. | ||||
CVE-2016-7170 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-11-21 | 4.4 Medium |
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. | ||||
CVE-2016-7161 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 9.8 Critical |
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | ||||
CVE-2016-7157 | 1 Qemu | 1 Qemu | 2024-11-21 | 4.4 Medium |
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK. | ||||
CVE-2016-7156 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 4.4 Medium |
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast. | ||||
CVE-2016-7155 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 4.4 Medium |
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. |