Qemu

qemu

Vendor: Qemu • 419 CVEs

CVEs (419)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-11806 4Canonical DebianQemu+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more Nov 21, 2024 Jun 13, 2018 N/A· v4 8.2 HIGH· v3 7.2 HIGH· v2 m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2016-9602 2Debian Qemu 2Debian Linux Qemu Nov 21, 2024 Apr 26, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escal...Show more Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.Show less
CVE-2018-7858 4Canonical OpensuseQemu+1 more 9Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+6 more Nov 21, 2024 Mar 12, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorr...Show more Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.Show less
CVE-2018-7550 4Canonical DebianQemu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Mar 1, 2018 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which trig...Show more The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.Show less
CVE-2017-18043 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux Nov 21, 2024 Jan 31, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
CVE-2018-5683 4Canonical DebianQemu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 more Nov 21, 2024 Jan 23, 2018 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2017-18030 2Debian Qemu 2Debian Linux Qemu Nov 21, 2024 Jan 23, 2018 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to nega...Show more The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.Show less
CVE-2014-3471 1Qemu 1Qemu Nov 21, 2024 Jan 12, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.
CVE-2017-15124 1Qemu 1Qemu Nov 21, 2024 Jan 9, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did...Show more VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.Show less
CVE-2017-17381 2Debian Qemu 2Debian Linux Qemu May 13, 2026 Dec 7, 2017 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
CVE-2017-16845 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 13, 2026 Nov 17, 2017 N/A· v4 10.0 CRITICAL· v3 6.4 MEDIUM· v2 hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2015-7549 1Qemu 1Qemu May 13, 2026 Oct 30, 2017 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define t...Show more The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.Show less
CVE-2015-7504 3Debian QemuXen 3Debian Linux QemuXen May 13, 2026 Oct 16, 2017 N/A· v4 8.8 HIGH· v3 4.6 MEDIUM· v2 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets i...Show more Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.Show less
CVE-2017-15289 1Qemu 1Qemu May 13, 2026 Oct 16, 2017 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculati...Show more The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.Show less
CVE-2017-15268 1Qemu 1Qemu May 13, 2026 Oct 12, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-15038 1Qemu 1Qemu May 13, 2026 Oct 10, 2017 N/A· v4 5.6 MEDIUM· v3 1.9 LOW· v2 Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attribu...Show more Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.Show less
CVE-2017-14167 2Debian Qemu 2Debian Linux Qemu May 13, 2026 Sep 8, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which tri...Show more Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.Show less
CVE-2017-13711 2Debian Qemu 2Debian Linux Qemu May 13, 2026 Sep 1, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from p...Show more Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.Show less
CVE-2017-13672 2Debian Qemu 2Debian Linux Qemu May 13, 2026 Sep 1, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display u...Show more QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.Show less
CVE-2017-13673 1Qemu 1Qemu May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.

Previous 1...91011...21 Next