Total
413 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9104 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access. | |||||
CVE-2016-6836 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 6.0 MEDIUM |
The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object. | |||||
CVE-2016-9913 | 1 Qemu | 1 Qemu | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup. | |||||
CVE-2016-9922 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values. | |||||
CVE-2015-8818 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. | |||||
CVE-2016-9776 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS. | |||||
CVE-2016-9845 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes. | |||||
CVE-2016-1922 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer dereference. A user or process could use this flaw to crash the QEMU instance, resulting in DoS issue. | |||||
CVE-2017-8379 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Openstack | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. | |||||
CVE-2017-5579 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | |||||
CVE-2016-9921 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | |||||
CVE-2015-8666 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 3.3 LOW | 7.9 HIGH |
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | |||||
CVE-2016-9908 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. | |||||
CVE-2016-8578 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-02-28 | 2.1 LOW | 6.0 MEDIUM |
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation. | |||||
CVE-2016-2538 | 1 Qemu | 1 Qemu | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function. | |||||
CVE-2015-8558 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. | |||||
CVE-2016-5403 | 5 Canonical, Debian, Oracle and 2 more | 13 Ubuntu Linux, Debian Linux, Linux and 10 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. | |||||
CVE-2016-6351 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | |||||
CVE-2016-4441 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 6.0 MEDIUM |
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. | |||||
CVE-2015-5279 | 1 Qemu | 1 Qemu | 2024-02-28 | 7.2 HIGH | N/A |
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets. |