Filtered by vendor Qemu
Subscriptions
Filtered by product Qemu
Subscriptions
Total
413 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12155 | 2 Qemu, Redhat | 5 Qemu, Advanced Virtualization, Enterprise Linux and 2 more | 2024-08-04 | N/A |
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | ||||
CVE-2019-12068 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-08-04 | 3.8 Low |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | ||||
CVE-2019-12067 | 4 Debian, Fedoraproject, Qemu and 1 more | 5 Debian Linux, Fedora, Qemu and 2 more | 2024-08-04 | 6.5 Medium |
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | ||||
CVE-2019-9824 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2024-08-04 | N/A |
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure. | ||||
CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-08-04 | 3.3 Low |
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | ||||
CVE-2019-6778 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 7 Ubuntu Linux, Fedora, Leap and 4 more | 2024-08-04 | N/A |
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | ||||
CVE-2019-6501 | 3 Fedoraproject, Qemu, Redhat | 5 Fedora, Qemu, Enterprise Linux and 2 more | 2024-08-04 | N/A |
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | ||||
CVE-2019-5008 | 1 Qemu | 1 Qemu | 2024-08-04 | N/A |
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. | ||||
CVE-2019-3812 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2024-08-04 | N/A |
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. | ||||
CVE-2020-35503 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-08-04 | 6.0 Medium |
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
CVE-2020-35506 | 1 Qemu | 1 Qemu | 2024-08-04 | 6.7 Medium |
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. | ||||
CVE-2020-35517 | 2 Qemu, Redhat | 3 Qemu, Advanced Virtualization, Enterprise Linux | 2024-08-04 | 8.2 High |
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. | ||||
CVE-2020-35505 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-04 | 4.4 Medium |
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
CVE-2020-35504 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-08-04 | 6.0 Medium |
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
CVE-2020-29443 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Advanced Virtualization and 2 more | 2024-08-04 | 3.9 Low |
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | ||||
CVE-2020-28916 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-08-04 | 5.5 Medium |
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | ||||
CVE-2020-27821 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-04 | 6.0 Medium |
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0. | ||||
CVE-2020-27661 | 1 Qemu | 1 Qemu | 2024-08-04 | 6.5 Medium |
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | ||||
CVE-2020-27616 | 1 Qemu | 1 Qemu | 2024-08-04 | 6.5 Medium |
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. | ||||
CVE-2020-27617 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-04 | 6.5 Medium |
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. |