Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Qemu
(Qemu)Repositories |
• https://github.com/qemu/qemu
• https://github.com/bonzini/qemu • https://github.com/torvalds/linux |
#Vulnerabilities | 406 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-05-11 | CVE-2021-3611 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. | Qemu, Enterprise_linux | 6.5 | ||
2022-08-26 | CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | Fedora, Qemu | 4.4 | ||
2022-09-29 | CVE-2014-0144 | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_openstack_platform, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 8.6 | ||
2022-09-29 | CVE-2014-0147 | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | Fedora, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_openstack_platform, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 6.2 | ||
2022-09-29 | CVE-2014-0148 | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. | Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_openstack_platform, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 5.5 | ||
2022-03-23 | CVE-2021-3748 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. | Ubuntu_linux, Debian_linux, Fedora, Qemu, Enterprise_linux, Enterprise_linux_advanced_virtualization_eus | 7.5 | ||
2022-08-29 | CVE-2022-0358 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group,... | Qemu, Enterprise_linux | 7.8 | ||
2020-05-28 | CVE-2020-13361 | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | Ubuntu_linux, Debian_linux, Leap, Qemu | 3.9 | ||
2020-05-28 | CVE-2020-13362 | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | Ubuntu_linux, Debian_linux, Leap, Qemu | 3.2 | ||
2020-06-02 | CVE-2020-13659 | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | Ubuntu_linux, Debian_linux, Leap, Qemu | 2.5 |