Vulnerabilities (CVE)

274 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-5957 2 Qemu, Virglrenderer Project 2 Qemu, Virglrenderer 2019-07-19 2.1
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows local guest users to cause a denial of...
CVE-2019-13164 1 Qemu 1 Qemu 2019-07-12 4.6
qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
CVE-2018-20815 1 Qemu 1 Qemu 2019-07-02 7.5
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
CVE-2019-12929 1 Qemu 1 Qemu 2019-07-02 10.0
** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the...
CVE-2019-12928 1 Qemu 1 Qemu 2019-07-02 10.0
** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP...
CVE-2019-9824 1 Qemu 1 Qemu 2019-07-02 2.1
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to information disclosure.
CVE-2019-6778 4 Qemu, Opensuse, Canonical and 1 more 4 Qemu, Leap, Ubuntu Linux and 1 more 2019-05-31 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2019-3812 4 Qemu, Canonical, Fedoraproject and 1 more 4 Qemu, Ubuntu Linux, Fedora and 1 more 2019-05-31 2.1
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack...
CVE-2019-12155 1 Qemu 1 Qemu 2019-05-31 5.0
interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference.
CVE-2018-19489 5 Qemu, Debian, Canonical and 2 more 5 Qemu, Debian Linux, Ubuntu Linux and 2 more 2019-05-31 2.1
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-19364 5 Qemu, Canonical, Debian and 2 more 5 Qemu, Ubuntu Linux, Debian Linux and 2 more 2019-05-31 2.1
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-18954 3 Qemu, Canonical, Opensuse 3 Qemu, Ubuntu Linux, Leap 2019-05-31 2.1
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2018-18849 4 Qemu, Canonical, Fedoraproject and 1 more 4 Qemu, Ubuntu Linux, Fedora and 1 more 2019-05-31 2.1
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVE-2018-17958 3 Qemu, Canonical, Debian 3 Qemu, Ubuntu Linux, Debian Linux 2019-05-31 5.0
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-16872 5 Qemu, Debian, Canonical and 2 more 5 Qemu, Debian Linux, Ubuntu Linux and 2 more 2019-05-31 3.5
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since...
CVE-2018-12617 3 Qemu, Canonical, Debian 3 Qemu, Ubuntu Linux, Debian Linux 2019-05-31 5.0
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory...
CVE-2018-11806 3 Qemu, Redhat, Canonical 3 Qemu, Openstack, Ubuntu Linux 2019-05-31 7.2
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2019-12247 1 Qemu 1 Qemu 2019-05-30 5.0
** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.
CVE-2019-8934 2 Qemu, Opensuse 2 Qemu, Leap 2019-05-17 2.1
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2019-5008 1 Qemu 1 Qemu 2019-05-14 5.0
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.