CVEs (419)

| CVE | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device... | | | | | |
| An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the... | | | | | |
| hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. | | | | | |
| hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. | | | | | |
| QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEn... | 4: Canonical, Debian, Opensuse, +1 more | 4: Debian Linux, Leap, Qemu, +1 more | Nov 21, 2024 | Mar 5, 2020 | v4 N/A; v3 3.5 LOW; v2 2.7 LOW |
| An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Bloc... | 4: Debian, Opensuse, Qemu, +1 more | 5: Debian Linux, Enterprise Linux, Leap, +2 more | Nov 21, 2024 | Feb 11, 2020 | v4 N/A; v3 6.0 MEDIUM; v2 6.0 MEDIUM |
| The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | 2: Qemu, Redhat | 6: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Tus, +3 more | Nov 21, 2024 | Feb 11, 2020 | v4 N/A; v3 8.8 HIGH; v2 7.2 HIGH |
| The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop a... | 7: Arista, Canonical, Fedoraproject, +4 more | 11: Enterprise Linux, Eos, Fedora, +8 more | Nov 21, 2024 | Jan 31, 2020 | v4 N/A; v3 3.5 LOW; v2 2.7 LOW |
| Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. | 3: Arista, Fedoraproject, Qemu | 3: Eos, Fedora, Qemu | Nov 21, 2024 | Jan 23, 2020 | v4 N/A; v3 6.5 MEDIUM; v2 4.0 MEDIUM |
| The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving p... | 4: Arista, Canonical, Fedoraproject, +1 more | 4: Eos, Fedora, Qemu, +1 more | Nov 21, 2024 | Jan 23, 2020 | v4 N/A; v3 6.5 MEDIUM; v2 4.0 MEDIUM |
| Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | 5: Arista, Canonical, Fedoraproject, +2 more | 8: Eos, Fedora, Linux Enterprise Debuginfo, +5 more | Nov 21, 2024 | Jan 23, 2020 | v4 N/A; v3 6.5 MEDIUM; v2 4.0 MEDIUM |
| tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | 2: Libslirp Project, Qemu | 2: Libslirp, Qemu | Nov 21, 2024 | Jan 21, 2020 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM |
| tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead... | 4: Debian, Libslirp Project, Opensuse, +1 more | 4: Debian Linux, Leap, Libslirp, +1 more | Nov 21, 2024 | Jan 16, 2020 | v4 N/A; v3 5.6 MEDIUM; v2 6.8 MEDIUM |
| Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | 3: Canonical, Debian, Qemu | 3: Debian Linux, Qemu, Ubuntu Linux | Nov 21, 2024 | Jan 2, 2020 | v4 N/A; v3 7.8 HIGH; v2 4.6 MEDIUM |
| An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implie... | | | | | |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a pr... | 3: Debian, Novell, Qemu | 4: Debian Linux, Open Desktop Server, Open Enterprise Server, +1 more | Nov 21, 2024 | Dec 30, 2019 | v4 N/A; v3 7.8 HIGH; v2 6.9 MEDIUM |
| In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator adva... | 3: Canonical, Opensuse, Qemu | 3: Leap, Qemu, Ubuntu Linux | Nov 21, 2024 | Sep 24, 2019 | v4 N/A; v3 3.8 LOW; v2 2.1 LOW |
| libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | 2: Libslirp Project, Qemu | 2: Libslirp, Qemu | Nov 21, 2024 | Sep 6, 2019 | v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM |
| qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. | 4: Canonical, Debian, Opensuse, +1 more | 4: Debian Linux, Leap, Qemu, +1 more | Nov 21, 2024 | Jul 3, 2019 | v4 N/A; v3 7.8 HIGH; v2 4.6 MEDIUM |
| The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to... | | | | | |