Filtered by vendor Qemu
Subscriptions
Total
413 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20196 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 6.5 Medium |
| A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20181 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-03 | 7.5 High |
| A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability. | ||||
| CVE-2021-20221 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 6.0 Medium |
| An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | ||||
| CVE-2021-20203 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-08-03 | 3.2 Low |
| An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | ||||
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 8.2 High |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | ||||
| CVE-2021-4158 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-03 | 6.0 Medium |
| A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | ||||
| CVE-2021-4207 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 8.2 High |
| A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | ||||
| CVE-2021-4145 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-03 | 6.5 Medium |
| A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | ||||
| CVE-2021-3930 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Advanced Virtualization and 8 more | 2024-08-03 | 6.5 Medium |
| An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | ||||
| CVE-2021-3947 | 1 Qemu | 1 Qemu | 2024-08-03 | 5.5 Medium |
| A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. | ||||
| CVE-2021-3929 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-08-03 | 8.2 High |
| A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. | ||||
| CVE-2021-3748 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-03 | 7.5 High |
| A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. | ||||
| CVE-2021-3750 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Rhel Eus | 2024-08-03 | 8.2 High |
| A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | ||||
| CVE-2021-3735 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-03 | 4.4 Medium |
| A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3608 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-08-03 | 6.0 Medium |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3713 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-03 | 7.4 High |
| An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. | ||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-08-03 | 6.0 Medium |
| An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3682 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 8.5 High |
| A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. | ||||
| CVE-2021-3611 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-03 | 6.5 Medium |
| A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. | ||||
| CVE-2021-3546 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-03 | 8.2 High |
| An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process. | ||||