Product:
Qemu
(Qemu)| Repositories |
• https://github.com/qemu/qemu
• https://github.com/torvalds/linux • https://github.com/bonzini/qemu |
| #Vulnerabilities | 333 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-26 | CVE-2020-29443 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | Debian_linux, Qemu | 3.9 | ||
| 2020-12-04 | CVE-2020-28916 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | Debian_linux, Qemu | 5.5 | ||
| 2020-09-25 | CVE-2020-25084 | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. | Debian_linux, Qemu | 3.2 | ||
| 2020-07-21 | CVE-2020-15859 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | Debian_linux, Qemu | 3.3 | ||
| 2020-07-02 | CVE-2020-15469 | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | Debian_linux, Qemu | 2.3 | ||
| 2020-12-31 | CVE-2020-11947 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | Qemu | 3.8 | ||
| 2020-01-16 | CVE-2020-7039 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. | Debian_linux, Libslirp, Leap, Qemu | 5.6 | ||
| 2021-01-30 | CVE-2020-17380 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. | Qemu | 6.3 | ||
| 2020-12-31 | CVE-2019-20808 | In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. | Qemu | 6.5 | ||
| 2021-01-28 | CVE-2020-35517 | A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. | Qemu | 8.2 |