Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Total 410 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3301 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2023-12-10 N/A 5.6 MEDIUM
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
CVE-2023-1386 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-12-10 N/A 7.8 HIGH
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.
CVE-2023-42467 1 Qemu 1 Qemu 2023-12-10 N/A 5.5 MEDIUM
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
CVE-2023-3255 3 Fedoraproject, Qemu, Redhat 3 Fedora, Qemu, Enterprise Linux 2023-12-10 N/A 6.5 MEDIUM
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.
CVE-2022-36648 1 Qemu 1 Qemu 2023-12-10 N/A 10.0 CRITICAL
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
CVE-2023-1544 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-12-10 N/A 6.3 MEDIUM
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
CVE-2023-0664 4 Fedoraproject, Microsoft, Qemu and 1 more 4 Fedora, Windows, Qemu and 1 more 2023-12-10 N/A 7.8 HIGH
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
CVE-2022-4144 3 Fedoraproject, Qemu, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Qemu and 1 more 2023-12-10 N/A 6.5 MEDIUM
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
CVE-2022-4172 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-12-10 N/A 6.5 MEDIUM
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
CVE-2023-0330 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 N/A 6.0 MEDIUM
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
CVE-2022-0358 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2023-12-10 N/A 7.8 HIGH
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
CVE-2021-3735 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 N/A 4.4 MEDIUM
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVE-2014-0144 2 Qemu, Redhat 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more 2023-12-10 N/A 8.6 HIGH
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
CVE-2014-0147 3 Fedoraproject, Qemu, Redhat 10 Fedora, Qemu, Enterprise Linux Desktop and 7 more 2023-12-10 N/A 6.2 MEDIUM
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
CVE-2022-3165 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-12-10 N/A 6.5 MEDIUM
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2021-3929 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-12-10 N/A 8.2 HIGH
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.
CVE-2020-14394 3 Fedoraproject, Qemu, Redhat 5 Extra Packages For Enterprise Linux, Fedora, Qemu and 2 more 2023-12-10 N/A 3.2 LOW
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
CVE-2014-0148 2 Qemu, Redhat 9 Qemu, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more 2023-12-10 N/A 5.5 MEDIUM
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.
CVE-2022-0216 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-12-10 N/A 4.4 MEDIUM
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
CVE-2022-3872 1 Qemu 1 Qemu 2023-12-10 N/A 8.6 HIGH
An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.