Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 413 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9104 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2024-02-28 2.1 LOW 4.4 MEDIUM
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
CVE-2016-6836 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 6.0 MEDIUM
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.
CVE-2016-9913 1 Qemu 1 Qemu 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.
CVE-2016-9922 1 Qemu 1 Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
CVE-2015-8818 1 Qemu 1 Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.
CVE-2016-9776 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
CVE-2016-9845 1 Qemu 1 Qemu 2024-02-28 2.1 LOW 6.5 MEDIUM
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
CVE-2016-1922 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue.
CVE-2017-8379 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Openstack 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
CVE-2017-5579 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 4.9 MEDIUM 6.5 MEDIUM
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2016-9921 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2024-02-28 2.1 LOW 6.5 MEDIUM
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
CVE-2015-8666 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 3.3 LOW 7.9 HIGH
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVE-2016-9908 1 Qemu 1 Qemu 2024-02-28 2.1 LOW 3.3 LOW
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
CVE-2016-8578 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2024-02-28 2.1 LOW 6.0 MEDIUM
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.
CVE-2016-2538 1 Qemu 1 Qemu 2024-02-28 3.6 LOW 7.1 HIGH
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
CVE-2015-8558 2 Debian, Qemu 2 Debian Linux, Qemu 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
CVE-2016-5403 5 Canonical, Debian, Oracle and 2 more 13 Ubuntu Linux, Debian Linux, Linux and 10 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
CVE-2016-6351 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-02-28 7.2 HIGH 6.7 MEDIUM
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.
CVE-2016-4441 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-02-28 2.1 LOW 6.0 MEDIUM
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
CVE-2015-5279 1 Qemu 1 Qemu 2024-02-28 7.2 HIGH N/A
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.