Qemu

qemu

Vendor: Qemu • 419 CVEs

CVEs (419)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5158 1Qemu 1Qemu May 6, 2026 Apr 12, 2016 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid...Show more Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.Show less
CVE-2016-2858 3Canonical DebianQemu 3Debian Linux QemuUbuntu Linux May 6, 2026 Apr 7, 2016 N/A· v4 6.5 MEDIUM· v3 1.9 LOW· v2 QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allo...Show more QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.Show less
CVE-2016-1714 3Oracle QemuRedhat 3Linux OpenstackQemu May 6, 2026 Apr 7, 2016 N/A· v4 8.1 HIGH· v3 6.9 MEDIUM· v2 The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to ca...Show more The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.Show less
CVE-2015-1779 6Canonical DebianFedoraproject+3 more 11Debian Linux Enterprise Linux EusEnterprise Linux Server+8 more May 6, 2026 Jan 12, 2016 N/A· v4 8.6 HIGH· v3 7.8 HIGH· v2 The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2015-7512 4Debian OracleQemu+1 more 9Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+6 more May 6, 2026 Jan 8, 2016 N/A· v4 9.0 CRITICAL· v3 6.8 MEDIUM· v2 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large pack...Show more Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.Show less
CVE-2015-7295 3Debian FedoraprojectQemu 3Debian Linux FedoraQemu May 6, 2026 Nov 9, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via...Show more hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.Show less
CVE-2015-6855 6Arista CanonicalDebian+3 more 7Debian Linux EosFedora+4 more May 6, 2026 Nov 6, 2015 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demo...Show more hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.Show less
CVE-2015-5225 3Fedoraproject QemuRedhat 3Fedora OpenstackQemu May 6, 2026 Nov 6, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute a...Show more Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.Show less
CVE-2015-5279 1Qemu 1Qemu May 6, 2026 Sep 28, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors relat...Show more Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.Show less
CVE-2015-3214 6Arista DebianLenovo+3 more 19Debian Linux Emc Px12 400r IvxEmc Px12 450r Ivx+16 more May 6, 2026 Aug 31, 2015 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host O...Show more The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.Show less
CVE-2015-4037 1Qemu 1Qemu May 6, 2026 Aug 26, 2015 N/A· v4 N/A· v3 1.9 LOW· v2 The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.-...Show more The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.- files before the program.Show less
CVE-2015-5154 4Fedoraproject QemuSuse+1 more 8Fedora Linux Enterprise DebuginfoLinux Enterprise Desktop+5 more May 6, 2026 Aug 12, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAP...Show more Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.Show less
CVE-2015-3209 8Arista CanonicalDebian+5 more 18Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+15 more May 6, 2026 Jun 15, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
CVE-2015-4106 6Canonical CitrixDebian+3 more 8Debian Linux FedoraLinux Enterprise Desktop+5 more May 6, 2026 Jun 3, 2015 N/A· v4 N/A· v3 4.6 MEDIUM· v2 QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensiti...Show more QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.Show less
CVE-2015-3456 3Qemu RedhatXen 5Enterprise Linux Enterprise VirtualizationOpenstack+2 more May 6, 2026 May 13, 2015 N/A· v4 N/A· v3 7.7 HIGH· v2 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (...Show more The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.Show less
CVE-2014-9718 2Debian Qemu 2Debian Linux Qemu May 6, 2026 Apr 21, 2015 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (m...Show more The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.Show less
CVE-2014-7840 2Qemu Redhat 7Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+4 more May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
CVE-2014-8106 1Qemu 1Qemu May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists...Show more Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.Show less
CVE-2014-5388 2Canonical Qemu 2Qemu Ubuntu Linux May 6, 2026 Nov 15, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI de...Show more Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.Show less
CVE-2014-7815 5Canonical DebianQemu+2 more 11Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+8 more May 6, 2026 Nov 14, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value.

Previous 1...171819 20 21 Next