Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Total 359 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3682 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2021-10-18 6.0 MEDIUM 8.5 HIGH
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
CVE-2021-3713 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 4.6 MEDIUM 7.4 HIGH
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
CVE-2021-3545 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 2.1 LOW 6.5 MEDIUM
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
CVE-2021-3544 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 2.1 LOW 6.5 MEDIUM
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
CVE-2021-3546 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 4.6 MEDIUM 8.2 HIGH
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-3527 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2021-09-21 2.1 LOW 5.5 MEDIUM
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
CVE-2017-2630 1 Qemu 1 Qemu 2021-09-08 6.5 MEDIUM 8.8 HIGH
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
CVE-2017-2615 5 Citrix, Debian, Qemu and 2 more 10 Xenserver, Debian Linux, Qemu and 7 more 2021-08-04 9.0 HIGH 9.1 CRITICAL
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
CVE-2018-11806 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 7.2 HIGH 8.2 HIGH
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2017-10664 3 Debian, Qemu, Redhat 11 Debian Linux, Qemu, Enterprise Linux and 8 more 2021-08-04 5.0 MEDIUM 7.5 HIGH
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2017-8309 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Openstack 2021-08-04 7.8 HIGH 7.5 HIGH
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2017-2620 5 Citrix, Debian, Qemu and 2 more 10 Xenserver, Debian Linux, Qemu and 7 more 2021-08-04 9.0 HIGH 9.9 CRITICAL
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVE-2017-7539 2 Qemu, Redhat 4 Qemu, Enterprise Linux, Openstack and 1 more 2021-08-04 5.0 MEDIUM 7.5 HIGH
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
CVE-2017-5973 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2021-08-04 2.1 LOW 5.5 MEDIUM
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVE-2016-8909 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2021-08-04 2.1 LOW 6.0 MEDIUM
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2018-18438 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2021-08-04 2.1 LOW 5.5 MEDIUM
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2016-9911 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2021-08-04 4.9 MEDIUM 6.5 MEDIUM
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-9603 4 Citrix, Debian, Qemu and 1 more 9 Xenserver, Debian Linux, Qemu and 6 more 2021-08-04 9.0 HIGH 9.9 CRITICAL
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVE-2016-2857 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 3.6 LOW 8.4 HIGH
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2017-8379 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Openstack 2021-08-04 4.9 MEDIUM 6.5 MEDIUM
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.