Vulnerabilities (CVE)

Vendor: Qemu

266 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-6778 | Vendors (4): Qemu, Opensuse, Canonical and 1 more | Products (4): Qemu, Leap, Ubuntu Linux and 1 more | Updated: 2019-04-17 | CVSS: 4.6
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
CVE-2018-19665 | Vendors (1): Qemu | Products (1): Qemu | Updated: 2019-04-17 | CVSS: 2.7
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-18849 | Vendors (4): Qemu, Canonical, Fedoraproject and 1 more | Products (4): Qemu, Ubuntu Linux, Fedora and 1 more | Updated: 2019-04-12 | CVSS: 2.1
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVE-2019-6501 | Vendors (2): Qemu, Fedoraproject | Products (2): Qemu, Fedora | Updated: 2019-04-12 | CVSS: 2.1
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
CVE-2019-8934 | Vendors (1): Qemu | Products (1): Qemu | Updated: 2019-04-11 | CVSS: 2.1
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2018-7550 | Vendors (4): Qemu, Redhat, Canonical and 1 more | Products (10): Qemu, Virtualization, Ubuntu Linux and 7 more | Updated: 2019-03-25 | CVSS: 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read...
CVE-2019-3812 | Vendors (1): Qemu | Products (1): Qemu | Updated: 2019-03-25 | CVSS: 2.1
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack...
CVE-2018-20191 | Vendors (1): Qemu | Products (1): Qemu | Updated: 2019-03-25 | CVSS: 5.0
hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference).
CVE-2018-19489 | Vendors (2): Qemu, Debian | Products (2): Qemu, Debian Linux | Updated: 2019-03-25 | CVSS: 2.1
v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.
CVE-2018-19364 | Vendors (3): Qemu, Canonical, Debian | Products (3): Qemu, Ubuntu Linux, Debian Linux | Updated: 2019-03-25 | CVSS: 2.1
hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.
CVE-2018-16872 | Vendors (2): Qemu, Debian | Products (2): Qemu, Debian Linux | Updated: 2019-03-25 | CVSS: 3.5
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since...
CVE-2018-16867 | Vendors (1): Qemu | Products (1): Qemu | Updated: 2019-03-25 | CVSS: 4.6
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to improper filename sanitization. When the guest device is mounted in read-write mode,...
CVE-2018-17962 | Vendors (6): Qemu, Canonical, Debian and 3 more | Products (6): Qemu, Ubuntu Linux, Debian Linux and 3 more | Updated: 2019-03-21 | CVSS: 5.0
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2018-17963 | Vendors (3): Qemu, Debian, Canonical | Products (3): Qemu, Debian Linux, Ubuntu Linux | Updated: 2019-03-21 | CVSS: 7.5
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-11806 | Vendors (3): Qemu, Redhat, Canonical | Products (3): Qemu, Openstack, Ubuntu Linux | Updated: 2019-03-08 | CVSS: 7.2
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2017-18043 | Vendors (3): Qemu, Canonical, Debian | Products (3): Qemu, Ubuntu Linux, Debian Linux | Updated: 2019-03-07 | CVSS: 2.1
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
CVE-2018-17958 | Vendors (3): Qemu, Canonical, Debian | Products (3): Qemu, Ubuntu Linux, Debian Linux | Updated: 2019-03-05 | CVSS: 5.0
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-5683 | Vendors (4): Qemu, Redhat, Canonical and 1 more | Products (10): Qemu, Virtualization, Ubuntu Linux and 7 more | Updated: 2019-03-04 | CVSS: 2.1
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
CVE-2018-12617 | Vendors (3): Qemu, Canonical, Debian | Products (3): Qemu, Ubuntu Linux, Debian Linux | Updated: 2019-02-28 | CVSS: 5.0
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory...
CVE-2018-20123 | Vendors (1): Qemu | Products (1): Qemu | Updated: 2019-02-06 | CVSS: 2.1
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.