The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Qemu
Ubuntu Linux
Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.
Denial Of Service
Memory Corruption
Buffer Overflow
Qemu
Ubuntu Linux
+1
NVD
CVSS 3.1
4.4
EPSS
0.1%