Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Total 357 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3546 1 Qemu 1 Qemu 2021-06-17 4.6 MEDIUM 8.2 HIGH
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-27661 1 Qemu 1 Qemu 2021-06-14 2.1 LOW 6.5 MEDIUM
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2020-35505 1 Qemu 1 Qemu 2021-06-14 2.1 LOW 4.4 MEDIUM
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3544 1 Qemu 1 Qemu 2021-06-11 2.1 LOW 6.5 MEDIUM
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
CVE-2019-12067 2 Debian, Qemu 2 Debian Linux, Qemu 2021-06-11 2.1 LOW 6.5 MEDIUM
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-35503 1 Qemu 1 Qemu 2021-06-11 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3545 1 Qemu 1 Qemu 2021-06-09 2.1 LOW 6.5 MEDIUM
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
CVE-2013-4536 1 Qemu 1 Qemu 2021-06-08 4.6 MEDIUM 7.8 HIGH
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVE-2020-35506 1 Qemu 1 Qemu 2021-06-08 4.6 MEDIUM 6.7 MEDIUM
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
CVE-2021-20181 2 Debian, Qemu 2 Debian Linux, Qemu 2021-06-04 6.9 MEDIUM 7.5 HIGH
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
CVE-2021-20221 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2021-06-04 2.1 LOW 6.0 MEDIUM
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20196 1 Qemu 1 Qemu 2021-06-04 2.1 LOW 6.5 MEDIUM
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3527 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2021-06-03 2.1 LOW 5.5 MEDIUM
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
CVE-2020-35504 2 Fedoraproject, Qemu 2 Fedora, Qemu 2021-06-02 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3507 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2021-06-01 3.6 LOW 6.1 MEDIUM
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
CVE-2020-35517 1 Qemu 1 Qemu 2021-06-01 4.6 MEDIUM 8.2 HIGH
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
CVE-2017-5957 2 Qemu, Virglrenderer Project 2 Qemu, Virglrenderer 2021-05-19 2.1 LOW 5.5 MEDIUM
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
CVE-2008-4539 4 Canonical, Debian, Kvm Qumranet and 1 more 4 Ubuntu Linux, Debian Linux, Kvm and 1 more 2021-05-14 7.2 HIGH N/A
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
CVE-2021-20263 1 Qemu 1 Qemu 2021-05-07 2.1 LOW 3.3 LOW
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.
CVE-2021-20255 1 Qemu 1 Qemu 2021-05-07 2.1 LOW 5.5 MEDIUM
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.