Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Total 359 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4536 1 Qemu 1 Qemu 2021-07-30 4.6 MEDIUM 7.8 HIGH
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVE-2019-12067 2 Debian, Qemu 2 Debian Linux, Qemu 2021-07-30 2.1 LOW 6.5 MEDIUM
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-24352 1 Qemu 1 Qemu 2021-07-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2019-8934 2 Opensuse, Qemu 2 Leap, Qemu 2021-07-21 2.1 LOW 3.3 LOW
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2020-13800 1 Qemu 1 Qemu 2021-07-21 4.9 MEDIUM 6.0 MEDIUM
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVE-2021-20181 2 Debian, Qemu 2 Debian Linux, Qemu 2021-07-20 6.9 MEDIUM 7.5 HIGH
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
CVE-2020-35503 1 Qemu 1 Qemu 2021-07-20 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-27661 1 Qemu 1 Qemu 2021-07-20 2.1 LOW 6.5 MEDIUM
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2020-35506 1 Qemu 1 Qemu 2021-07-13 4.6 MEDIUM 6.7 MEDIUM
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
CVE-2020-35504 2 Fedoraproject, Qemu 2 Fedora, Qemu 2021-07-13 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35505 1 Qemu 1 Qemu 2021-07-13 2.1 LOW 4.4 MEDIUM
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-35517 1 Qemu 1 Qemu 2021-07-08 4.6 MEDIUM 8.2 HIGH
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
CVE-2021-20221 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2021-07-08 2.1 LOW 6.0 MEDIUM
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-20196 1 Qemu 1 Qemu 2021-07-08 2.1 LOW 6.5 MEDIUM
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3507 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2021-06-01 3.6 LOW 6.1 MEDIUM
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
CVE-2017-5957 2 Qemu, Virglrenderer Project 2 Qemu, Virglrenderer 2021-05-19 2.1 LOW 5.5 MEDIUM
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
CVE-2008-4539 4 Canonical, Debian, Kvm Qumranet and 1 more 4 Ubuntu Linux, Debian Linux, Kvm and 1 more 2021-05-14 7.2 HIGH N/A
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
CVE-2021-3409 3 Fedoraproject, Qemu, Redhat 3 Fedora, Qemu, Enterprise Linux 2021-05-07 4.6 MEDIUM 5.7 MEDIUM
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
CVE-2021-3392 2 Fedoraproject, Qemu 2 Fedora, Qemu 2021-05-07 2.1 LOW 3.2 LOW
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
CVE-2021-20255 1 Qemu 1 Qemu 2021-05-07 2.1 LOW 5.5 MEDIUM
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.