Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Total 359 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1320 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Fedora Core and 3 more 2020-12-15 7.2 HIGH N/A
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
CVE-2007-1321 4 Debian, Fedoraproject, Qemu and 1 more 5 Debian Linux, Fedora, Fedora Core and 2 more 2020-12-15 7.2 HIGH N/A
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
CVE-2007-1366 2 Debian, Qemu 2 Debian Linux, Qemu 2020-12-15 2.1 LOW N/A
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
CVE-2007-1322 2 Debian, Qemu 2 Debian Linux, Qemu 2020-12-15 2.1 LOW N/A
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
CVE-2007-5730 3 Debian, Qemu, Xen 3 Debian Linux, Qemu, Xen 2020-12-15 7.2 HIGH N/A
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
CVE-2007-5729 3 Debian, Opensuse, Qemu 3 Debian Linux, Opensuse, Qemu 2020-12-15 7.2 HIGH N/A
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
CVE-2020-13791 1 Qemu 1 Qemu 2020-12-14 2.1 LOW 5.5 MEDIUM
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
CVE-2020-13754 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2020-12-14 4.6 MEDIUM 6.7 MEDIUM
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-13253 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2020-12-14 2.1 LOW 5.5 MEDIUM
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2020-12829 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2020-12-14 2.1 LOW 3.8 LOW
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.
CVE-2018-19665 2 Opensuse, Qemu 2 Leap, Qemu 2020-12-14 2.7 LOW 5.7 MEDIUM
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2016-9923 1 Qemu 1 Qemu 2020-12-14 2.1 LOW 5.5 MEDIUM
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
CVE-2016-9912 1 Qemu 1 Qemu 2020-12-14 4.9 MEDIUM 6.5 MEDIUM
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
CVE-2016-9908 1 Qemu 1 Qemu 2020-12-14 2.1 LOW 3.3 LOW
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
CVE-2015-8619 2 Debian, Qemu 2 Debian Linux, Qemu 2020-12-14 5.0 MEDIUM 7.5 HIGH
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
CVE-2016-4002 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2020-12-14 6.8 MEDIUM 9.8 CRITICAL
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
CVE-2016-9101 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2020-12-14 2.1 LOW 6.0 MEDIUM
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2015-8345 2 Debian, Qemu 2 Debian Linux, Qemu 2020-12-14 2.1 LOW 6.5 MEDIUM
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
CVE-2020-25624 1 Qemu 1 Qemu 2020-12-10 4.4 MEDIUM 5.0 MEDIUM
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2018-16872 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2020-12-04 3.5 LOW 5.3 MEDIUM
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.