Product:
Qemu
(Qemu)| Repositories |
• https://github.com/qemu/qemu
• https://github.com/torvalds/linux • https://github.com/bonzini/qemu |
| #Vulnerabilities | 318 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-13 | CVE-2018-16872 | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and... | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu | 5.3 | ||
| 2020-12-04 | CVE-2020-28916 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | Qemu | 5.5 | ||
| 2020-11-30 | CVE-2020-25624 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | Qemu | 9.1 | ||
| 2020-11-06 | CVE-2020-27617 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | Qemu | 6.5 | ||
| 2020-11-06 | CVE-2020-27616 | ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. | Qemu | 6.5 | ||
| 2020-09-25 | CVE-2020-25625 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. | Qemu | 5.3 | ||
| 2020-09-25 | CVE-2020-25085 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | Qemu | 5.0 | ||
| 2020-10-16 | CVE-2020-24352 | An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | Qemu | 5.5 | ||
| 2017-03-27 | CVE-2017-5973 | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | Debian_linux, Qemu, Openstack, Virtualization | 5.5 | ||
| 2017-03-20 | CVE-2017-6058 | Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. | Qemu | 7.5 |