Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 410 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25741 1 Qemu 1 Qemu 2023-12-10 2.1 LOW 3.2 LOW
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.
CVE-2020-25625 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 4.7 MEDIUM 5.3 MEDIUM
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.
CVE-2020-35517 1 Qemu 1 Qemu 2023-12-10 4.6 MEDIUM 8.2 HIGH
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.
CVE-2020-24352 1 Qemu 1 Qemu 2023-12-10 2.1 LOW 5.5 MEDIUM
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2021-20203 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2023-12-10 2.1 LOW 3.2 LOW
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2020-25085 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 4.4 MEDIUM 5.0 MEDIUM
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
CVE-2021-3392 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2023-12-10 2.1 LOW 3.2 LOW
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
CVE-2019-20808 1 Qemu 1 Qemu 2023-12-10 2.1 LOW 6.5 MEDIUM
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
CVE-2020-25084 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 2.1 LOW 3.2 LOW
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
CVE-2020-25723 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 2.1 LOW 3.2 LOW
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
CVE-2021-20263 1 Qemu 1 Qemu 2023-12-10 2.1 LOW 3.3 LOW
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.
CVE-2020-17380 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 4.6 MEDIUM 6.3 MEDIUM
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
CVE-2020-28916 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 2.1 LOW 5.5 MEDIUM
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
CVE-2021-3416 4 Debian, Fedoraproject, Qemu and 1 more 4 Debian Linux, Fedora, Qemu and 1 more 2023-12-10 2.1 LOW 6.0 MEDIUM
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
CVE-2020-27617 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
CVE-2020-11947 1 Qemu 1 Qemu 2023-12-10 2.1 LOW 3.8 LOW
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
CVE-2020-25624 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 4.4 MEDIUM 5.0 MEDIUM
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-25742 1 Qemu 1 Qemu 2023-12-10 2.1 LOW 3.2 LOW
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
CVE-2021-20255 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 2.1 LOW 5.5 MEDIUM
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-13800 3 Canonical, Opensuse, Qemu 3 Ubuntu Linux, Leap, Qemu 2023-12-10 4.9 MEDIUM 6.0 MEDIUM
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.