Skip to main content

Qemu

335 CVEs product

Monthly

CVE-2024-7730 HIGH This Week

A heap buffer overflow was found in the virtio-snd device in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Qemu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-3447 MEDIUM POC PATCH CISA This Month

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow Qemu Hci Compute Node
NVD
CVSS 3.1
6.0
EPSS
0.0%
Threat
4.7
CVE-2024-6519 HIGH This Week

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Qemu
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-8354 MEDIUM This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-6505 MEDIUM This Month

A flaw was found in the virtio-net device in QEMU. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qemu Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-3567 MEDIUM POC This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-24474 HIGH POC PATCH This Week

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Qemu
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-26328 MEDIUM This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2024-26327 MEDIUM PATCH This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-6683 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-6693 MEDIUM PATCH This Month

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-2861 HIGH PATCH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Authentication Bypass Qemu
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-5088 HIGH PATCH This Week

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).

RCE Qemu Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-3301 MEDIUM PATCH This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2023-3255 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-2680 HIGH This Week

This CVE exists because of an incomplete fix for CVE-2021-3750. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Red Hat Information Disclosure Memory Corruption Qemu +1
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-42467 MEDIUM POC This Month

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-40360 MEDIUM POC PATCH This Month

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4135 MEDIUM PATCH This Month

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3180 MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-3019 MEDIUM PATCH CISA This Month

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Qemu Enterprise Linux
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2023-1386 HIGH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3354 HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu Openstack Platform Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-0664 HIGH PATCH This Week

A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1544 MEDIUM PATCH This Month

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure VMware Qemu Fedora
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-0330 MEDIUM PATCH This Month

A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-4172 MEDIUM POC PATCH This Month

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-4144 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Qemu Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3872 HIGH PATCH This Week

An off-by-one read/write issue was found in the SDHCI device of QEMU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2022-3165 MEDIUM PATCH This Month

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-2962 HIGH POC PATCH This Week

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-0358 HIGH PATCH This Week

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Qemu Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-0216 MEDIUM POC PATCH This Month

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Qemu Fedora
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-35414 HIGH POC PATCH This Week

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-1050 HIGH PATCH This Week

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

VMware Memory Corruption Use After Free Information Disclosure Qemu
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-26354 LOW PATCH Monitor

A flaw was found in the vhost-vsock device of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.4%
CVE-2022-26353 HIGH PATCH This Week

A flaw was found in the virtio-net device of QEMU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-3713 HIGH PATCH This Week

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Buffer Overflow RCE Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2021-3682 HIGH PATCH This Week

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
8.5
EPSS
2.9%
CVE-2021-3546 HIGH This Week

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Qemu +1
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2021-3545 MEDIUM This Month

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3544 MEDIUM This Month

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3527 MEDIUM PATCH This Month

A flaw was found in the USB redirector device (usb-redir) of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20196 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-20221 MEDIUM PATCH This Month

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-20181 HIGH PATCH This Week

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. Rated high severity (CVSS 7.5).

Privilege Escalation Qemu Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-3507 MEDIUM POC This Month

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qemu Debian Linux Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-3409 MEDIUM PATCH This Month

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Qemu Enterprise Linux +2
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-3392 LOW POC PATCH Monitor

A use-after-free flaw was found in the MegaRAID emulator of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Qemu Fedora +1
NVD
CVSS 3.1
3.2
EPSS
0.4%
CVE-2021-3416 MEDIUM PATCH This Month

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-20255 MEDIUM PATCH This Month

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20263 LOW PATCH Monitor

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2021-20203 LOW POC PATCH Monitor

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Qemu Fedora Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.6%
CVE-2020-11947 LOW PATCH Monitor

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
CVSS 3.1
3.8
EPSS
0.5%
CVE-2020-27821 MEDIUM PATCH This Month

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-28916 MEDIUM POC PATCH This Month

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-25723 LOW PATCH Monitor

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.4%
CVE-2020-25624 MEDIUM POC This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-27617 MEDIUM PATCH This Month

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-27616 MEDIUM PATCH This Month

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-24352 MEDIUM This Month

An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25743 LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Openstack Platform Enterprise Linux
NVD
CVSS 3.1
3.2
EPSS
0.5%
CVE-2020-25742 LOW PATCH Monitor

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.1
3.2
EPSS
0.5%
CVE-2020-25741 LOW PATCH Monitor

fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu
NVD
CVSS 3.1
3.2
EPSS
0.5%
CVE-2020-25625 MEDIUM PATCH This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Rated medium severity (CVSS 5.3).

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-25085 MEDIUM POC PATCH This Month

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. Rated medium severity (CVSS 5.0). Public exploit code available.

Buffer Overflow Memory Corruption Qemu Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2020-25084 LOW PATCH Monitor

QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.3%
CVE-2020-14364 MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service Information Disclosure Qemu +6
NVD
CVSS 3.1
5.0
EPSS
5.4%
CVE-2020-12829 LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-14415 LOW PATCH Monitor

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2020-16092 LOW PATCH Monitor

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Ubuntu Linux Leap
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-15863 MEDIUM PATCH This Month

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. Rated medium severity (CVSS 5.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Denial Of Service Memory Corruption Qemu +2
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-15859 LOW POC PATCH Monitor

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-15469 LOW PATCH Monitor

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
2.3
EPSS
0.4%
CVE-2020-10761 MEDIUM PATCH This Month

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Leap Ubuntu Linux
NVD
CVSS 3.1
5.0
EPSS
1.8%
CVE-2020-10702 MEDIUM This Month

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qemu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-13800 MEDIUM This Month

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-13791 MEDIUM PATCH This Month

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-13765 MEDIUM PATCH This Month

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.6
EPSS
2.4%
CVE-2020-13754 MEDIUM PATCH This Month

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-13659 LOW PATCH Monitor

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).

Null Pointer Dereference Denial Of Service Qemu Debian Linux Leap +1
NVD
CVSS 3.1
2.5
EPSS
0.4%
CVE-2020-13362 LOW PATCH Monitor

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu Debian Linux Leap +1
NVD
CVSS 3.1
3.2
EPSS
0.4%
CVE-2020-13361 LOW PATCH Monitor

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Debian Linux Leap +1
NVD
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-13253 MEDIUM PATCH This Month

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-10717 MEDIUM PATCH This Month

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-11869 LOW PATCH Monitor

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-11102 MEDIUM This Month

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-1711 MEDIUM PATCH This Month

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service RCE Heap Overflow Qemu +4
NVD
CVSS 3.1
6.0
EPSS
4.0%
CVE-2020-7211 HIGH PATCH This Week

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Libslirp Qemu
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2020-7039 MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Libslirp Qemu +2
NVD
CVSS 3.1
5.6
EPSS
3.6%
EPSS 0% CVSS 7.8
HIGH This Week

A heap buffer overflow was found in the virtio-snd device in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Qemu
NVD
EPSS 0% 4.7 CVSS 6.0
MEDIUM POC PATCH This Month

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow +2
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A flaw was found in the virtio-net device in QEMU. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qemu +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Qemu
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Qemu +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Authentication Bypass Qemu
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).

RCE Qemu Enterprise Linux
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Enterprise Linux
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

This CVE exists because of an incomplete fix for CVE-2021-3750. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Red Hat Information Disclosure +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qemu
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Qemu
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Qemu +2
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure VMware +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Qemu +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Qemu Fedora
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow +4
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

An off-by-one read/write issue was found in the SDHCI device of QEMU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Qemu +1
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Qemu Enterprise Linux
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

VMware Memory Corruption Use After Free +2
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

A flaw was found in the vhost-vsock device of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the virtio-net device of QEMU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qemu Debian Linux
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 3% CVSS 8.5
HIGH PATCH This Week

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

RCE Qemu Enterprise Linux +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the USB redirector device (usb-redir) of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu Enterprise Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Qemu +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. Rated high severity (CVSS 7.5).

Privilege Escalation Qemu Debian Linux
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Qemu Debian Linux +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service +4
NVD
EPSS 0% CVSS 3.2
LOW POC PATCH Monitor

A use-after-free flaw was found in the MegaRAID emulator of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Fedora +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu
NVD
EPSS 1% CVSS 3.2
LOW POC PATCH Monitor

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Qemu +2
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Qemu +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu +2
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Rated medium severity (CVSS 5.3).

Denial Of Service Qemu Debian Linux
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. Rated medium severity (CVSS 5.0). Public exploit code available.

Buffer Overflow Memory Corruption Qemu +1
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +2
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service +8
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. Rated medium severity (CVSS 5.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Denial Of Service +4
NVD
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +2
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu +1
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Qemu
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Ubuntu Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu
NVD
EPSS 2% CVSS 5.6
MEDIUM PATCH This Month

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Ubuntu Linux +1
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).

Null Pointer Dereference Denial Of Service Qemu +3
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu +3
NVD
EPSS 0% CVSS 3.9
LOW PATCH Monitor

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu
NVD
EPSS 2% CVSS 5.6
MEDIUM This Month

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption Qemu
NVD
EPSS 4% CVSS 6.0
MEDIUM PATCH This Month

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service RCE +6
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Microsoft Path Traversal Libslirp +1
NVD
EPSS 4% CVSS 5.6
MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +4
NVD
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy