Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 359 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5279 1 Qemu 1 Qemu 2021-11-17 7.2 HIGH N/A
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-6855 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-11-17 5.0 MEDIUM N/A
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
CVE-2015-6815 6 Canonical, Fedoraproject, Novell and 3 more 10 Ubuntu Linux, Fedora, Suse Linux Enterprise Debuginfo and 7 more 2021-11-17 2.7 LOW 3.5 LOW
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-3456 3 Qemu, Redhat, Xen 5 Qemu, Enterprise Linux, Enterprise Virtualization and 2 more 2021-11-17 7.7 HIGH N/A
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
CVE-2015-5278 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2021-11-17 4.0 MEDIUM 6.5 MEDIUM
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2021-3527 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2021-11-15 2.1 LOW 5.5 MEDIUM
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
CVE-2021-3546 2 Debian, Qemu 2 Debian Linux, Qemu 2021-11-06 4.6 MEDIUM 8.2 HIGH
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service condition, or potential code execution with the privileges of the QEMU process.
CVE-2021-3682 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2021-10-18 6.0 MEDIUM 8.5 HIGH
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
CVE-2021-3713 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 4.6 MEDIUM 7.4 HIGH
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
CVE-2021-3545 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 2.1 LOW 6.5 MEDIUM
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
CVE-2021-3544 2 Debian, Qemu 2 Debian Linux, Qemu 2021-10-18 2.1 LOW 6.5 MEDIUM
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
CVE-2017-2630 1 Qemu 1 Qemu 2021-09-08 6.5 MEDIUM 8.8 HIGH
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
CVE-2016-2857 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 3.6 LOW 8.4 HIGH
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2017-10664 3 Debian, Qemu, Redhat 11 Debian Linux, Qemu, Enterprise Linux and 8 more 2021-08-04 5.0 MEDIUM 7.5 HIGH
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
CVE-2017-7980 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 4.6 MEDIUM 7.8 HIGH
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2021-08-04 2.1 LOW 6.5 MEDIUM
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2018-18438 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2021-08-04 2.1 LOW 5.5 MEDIUM
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2016-9921 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2021-08-04 2.1 LOW 6.5 MEDIUM
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
CVE-2016-8909 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2021-08-04 2.1 LOW 6.0 MEDIUM
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2016-8669 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2021-08-04 2.1 LOW 6.0 MEDIUM
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.