Filtered by vendor Qemu
Total: 419 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10702 | 1 Qemu | 1 Qemu | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. | |||||
CVE-2020-10761 | 4 Canonical, Opensuse, Qemu and 1 more | 4 Ubuntu Linux, Leap, Qemu and 1 more | 2023-11-07 | 4.0 MEDIUM | 5.0 MEDIUM |
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server, resulting in a denial of service. | |||||
CVE-2020-10717 | 1 Qemu | 1 Qemu | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation in QEMU versions >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. | |||||
CVE-2019-9824 | 1 Qemu | 1 Qemu | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure. | |||||
CVE-2019-6778 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. | |||||
CVE-2019-6501 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations. | |||||
CVE-2019-5008 | 1 Qemu | 1 Qemu | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. | |||||
CVE-2019-20808 | 1 Qemu | 1 Qemu | 2023-11-07 | 2.1 LOW | 6.5 MEDIUM |
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. | |||||
CVE-2019-20382 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-11-07 | 2.7 LOW | 3.5 LOW |
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. | |||||
CVE-2019-12155 | 1 Qemu | 1 Qemu | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | |||||
CVE-2019-12068 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-11-07 | 2.1 LOW | 3.8 LOW |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | |||||
CVE-2018-20191 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | |||||
CVE-2018-20815 | 1 Qemu | 1 Qemu | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk. | |||||
CVE-2018-20123 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a memory leak after an initialisation error. | |||||
CVE-2018-19489 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 1.9 LOW | 4.7 MEDIUM |
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | |||||
CVE-2018-18849 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
In QEMU 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | |||||
CVE-2018-19364 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | |||||
CVE-2018-16867 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2023-11-07 | 4.4 MEDIUM | 7.8 HIGH |
A flaw was found in the QEMU Media Transfer Protocol (MTP) implementation before version 3.1.0. A path traversal exists in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to improper filename sanitization. When the guest device is mounted in read-write mode, this allows reading/writing arbitrary files, which may lead to a DoS scenario or possibly to code execution on the host. | |||||
CVE-2017-7377 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-11-07 | 2.1 LOW | 6.0 MEDIUM |
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | |||||
CVE-2017-9373 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-11-07 | 1.9 LOW | 5.5 MEDIUM |
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. |