Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 413 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19665 2 Opensuse, Qemu 2 Leap, Qemu 2024-11-21 2.7 LOW 5.7 MEDIUM
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-19489 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 1.9 LOW 4.7 MEDIUM
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-19364 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 2.1 LOW 5.5 MEDIUM
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-18954 3 Canonical, Opensuse, Qemu 3 Ubuntu Linux, Leap, Qemu 2024-11-21 2.1 LOW 5.5 MEDIUM
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2018-18849 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVE-2018-18438 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2024-11-21 2.1 LOW 5.5 MEDIUM
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 6 Ubuntu Linux, Debian Linux, Qemu and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17962 6 Canonical, Debian, Oracle and 3 more 6 Ubuntu Linux, Debian Linux, Linux and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2018-17958 4 Canonical, Debian, Qemu and 1 more 6 Ubuntu Linux, Debian Linux, Qemu and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-16872 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 3.5 LOW 5.3 MEDIUM
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
CVE-2018-16867 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2024-11-21 4.4 MEDIUM 7.8 HIGH
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
CVE-2018-16847 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2024-11-21 4.6 MEDIUM 7.8 HIGH
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
CVE-2018-15746 1 Qemu 1 Qemu 2024-11-21 2.1 LOW 5.5 MEDIUM
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
CVE-2018-12617 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-11-21 5.0 MEDIUM 7.5 HIGH
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
CVE-2018-11806 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2024-11-21 7.2 HIGH 8.2 HIGH
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-10839 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2017-9524 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 5.0 MEDIUM 7.5 HIGH
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
CVE-2017-9503 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 1.9 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2017-9375 2 Debian, Qemu 2 Debian Linux, Qemu 2024-11-21 1.9 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVE-2017-9374 1 Qemu 1 Qemu 2024-11-21 2.1 LOW 5.5 MEDIUM
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.