Qemu
Monthly
A heap buffer overflow was found in the virtio-snd device in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the virtio-net device in QEMU. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).
A flaw was found in QEMU. Rated medium severity (CVSS 5.6).
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
This CVE exists because of an incomplete fix for CVE-2021-3750. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
An off-by-one read/write issue was found in the SDHCI device of QEMU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A flaw was found in the vhost-vsock device of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
A flaw was found in the virtio-net device of QEMU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the USB redirector device (usb-redir) of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. Rated high severity (CVSS 7.5).
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A use-after-free flaw was found in the MegaRAID emulator of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Rated medium severity (CVSS 5.3).
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. Rated medium severity (CVSS 5.0). Public exploit code available.
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. Rated medium severity (CVSS 5.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A heap buffer overflow was found in the virtio-snd device in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.
A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the virtio-net device in QEMU. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in QEMU 7.1.0 through 8.2.1. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). Rated high severity (CVSS 7.0).
A flaw was found in QEMU. Rated medium severity (CVSS 5.6).
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
This CVE exists because of an incomplete fix for CVE-2021-3750. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.
An off-by-one read/write issue was found in the SDHCI device of QEMU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
A flaw was found in the vhost-vsock device of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
A flaw was found in the virtio-net device of QEMU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity.
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
A flaw was found in the USB redirector device (usb-redir) of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. Rated high severity (CVSS 7.5).
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
A use-after-free flaw was found in the MegaRAID emulator of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
An issue was discovered in QEMU through 5.1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. Rated medium severity (CVSS 5.3).
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. Rated medium severity (CVSS 5.0). Public exploit code available.
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. Rated medium severity (CVSS 5.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.