Qemu

qemu

Vendor: Qemu • 419 CVEs

CVEs (419)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-2538 1Qemu 1Qemu May 6, 2026 Jun 16, 2016 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory...Show more Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.Show less
CVE-2016-2392 2Canonical Qemu 2Qemu Ubuntu Linux May 6, 2026 Jun 16, 2016 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a deni...Show more The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.Show less
CVE-2016-2391 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Jun 16, 2016 N/A· v4 5.0 MEDIUM· v3 2.1 LOW· v2 The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors re...Show more The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.Show less
CVE-2016-5338 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Jun 14, 2016 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors r...Show more The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.Show less
CVE-2016-5337 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Jun 14, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
CVE-2016-5238 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Jun 14, 2016 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transf...Show more The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.Show less
CVE-2016-5126 5Canonical DebianOracle+2 more 12Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+9 more May 6, 2026 Jun 1, 2016 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asy...Show more Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.Show less
CVE-2016-4454 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Jun 1, 2016 N/A· v4 6.0 MEDIUM· v3 3.6 LOW· v2 The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO reg...Show more The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.Show less
CVE-2016-4453 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Jun 1, 2016 N/A· v4 4.4 MEDIUM· v3 4.9 MEDIUM· v2 The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-4020 4Canonical DebianQemu+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more May 6, 2026 May 25, 2016 N/A· v4 6.5 MEDIUM· v3 2.1 LOW· v2 The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task...Show more The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).Show less
CVE-2016-4037 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraQemu+1 more May 6, 2026 May 23, 2016 N/A· v4 6.0 MEDIUM· v3 4.9 MEDIUM· v2 The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siT...Show more The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.Show less
CVE-2016-4001 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraQemu+1 more May 6, 2026 May 23, 2016 N/A· v4 8.6 HIGH· v3 4.3 MEDIUM· v2 Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of servic...Show more Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.Show less
CVE-2015-8558 2Debian Qemu 2Debian Linux Qemu May 6, 2026 May 23, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-4441 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 May 20, 2016 N/A· v4 6.0 MEDIUM· v3 2.1 LOW· v2 The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds wri...Show more The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.Show less
CVE-2016-4439 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 May 20, 2016 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (...Show more The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.Show less
CVE-2016-3712 6Canonical CitrixDebian+3 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 more May 6, 2026 May 11, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710 7Canonical CitrixDebian+4 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 May 11, 2016 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the ban...Show more The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.Show less
CVE-2016-4002 4Canonical DebianFedoraproject+1 more 4Debian Linux FedoraQemu+1 more May 6, 2026 Apr 26, 2016 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU cras...Show more Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.Show less
CVE-2016-2857 4Canonical DebianQemu+1 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more May 6, 2026 Apr 12, 2016 N/A· v4 8.4 HIGH· v3 3.6 LOW· v2 The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-1568 3Debian QemuRedhat 4Debian Linux OpenstackQemu+1 more May 6, 2026 Apr 12, 2016 N/A· v4 8.8 HIGH· v3 6.9 MEDIUM· v2 Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHC...Show more Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.Show less

Previous 1...161718...21 Next