Filtered by vendor Qemu Subscriptions
Filtered by product Qemu Subscriptions
Total 414 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-20257 4 Debian, Fedoraproject, Qemu and 1 more 9 Debian Linux, Fedora, Qemu and 6 more 2024-11-21 6.5 Medium
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20255 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 5.5 Medium
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20221 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Advanced Virtualization and 1 more 2024-11-21 6.0 Medium
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20203 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2024-11-21 3.2 Low
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20196 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Advanced Virtualization and 1 more 2024-11-21 6.5 Medium
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20181 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 7.5 High
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
CVE-2020-7211 4 Libslirp Project, Microsoft, Qemu and 1 more 4 Libslirp, Windows, Qemu and 1 more 2024-11-21 7.5 High
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
CVE-2020-7039 5 Debian, Libslirp Project, Opensuse and 2 more 12 Debian Linux, Libslirp, Leap and 9 more 2024-11-21 5.6 Medium
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
CVE-2020-35517 2 Qemu, Redhat 3 Qemu, Advanced Virtualization, Enterprise Linux 2024-11-21 8.2 High
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
CVE-2020-35506 1 Qemu 1 Qemu 2024-11-21 6.7 Medium
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
CVE-2020-35505 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 4.4 Medium
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35504 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2024-11-21 6.0 Medium
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35503 2 Fedoraproject, Qemu 2 Fedora, Qemu 2024-11-21 6.0 Medium
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-29443 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Advanced Virtualization and 2 more 2024-11-21 3.9 Low
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
CVE-2020-28916 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2024-11-21 5.5 Medium
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
CVE-2020-27821 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Advanced Virtualization and 1 more 2024-11-21 6.0 Medium
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.
CVE-2020-27661 1 Qemu 1 Qemu 2024-11-21 6.5 Medium
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2020-27617 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Advanced Virtualization and 1 more 2024-11-21 6.5 Medium
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
CVE-2020-27616 1 Qemu 1 Qemu 2024-11-21 6.5 Medium
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
CVE-2020-25743 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack Platform 2024-11-21 3.2 Low
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.