Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 413 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9102 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 6.0 MEDIUM
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
CVE-2017-8086 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
CVE-2016-10155 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 4.9 MEDIUM 6.0 MEDIUM
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2017-8309 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Openstack 2024-02-28 7.8 HIGH 7.5 HIGH
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2016-9912 1 Qemu 1 Qemu 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
CVE-2017-5525 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2016-6835 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2024-02-28 2.1 LOW 6.0 MEDIUM
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVE-2017-5667 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 6.5 MEDIUM
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
CVE-2016-10028 1 Qemu 1 Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
CVE-2016-7155 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 4.4 MEDIUM
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.
CVE-2016-2198 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS.
CVE-2016-9911 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2015-8613 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 1.9 LOW 6.5 MEDIUM
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
CVE-2017-6058 1 Qemu 1 Qemu 2024-02-28 5.0 MEDIUM 7.5 HIGH
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
CVE-2016-9103 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 6.0 MEDIUM
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
CVE-2016-7422 3 Opensuse, Qemu, Redhat 5 Leap, Qemu, Enterprise Linux and 2 more 2024-02-28 2.1 LOW 6.0 MEDIUM
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
CVE-2016-1981 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS.
CVE-2017-5987 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
CVE-2015-8619 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
CVE-2015-8744 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.