Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Qemu
(Qemu)| Repositories |
• https://github.com/qemu/qemu
• https://github.com/bonzini/qemu • https://github.com/torvalds/linux |
| #Vulnerabilities | 406 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-16 | CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. | Debian_linux, Qemu | 7.5 | ||
| 2022-03-16 | CVE-2022-26354 | A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. | Debian_linux, Qemu | 3.2 | ||
| 2022-05-02 | CVE-2021-3750 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial... | Qemu, Enterprise_linux | 8.2 | ||
| 2022-05-11 | CVE-2021-3611 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. | Qemu, Enterprise_linux | 6.5 | ||
| 2022-08-26 | CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | Fedora, Qemu | 4.4 | ||
| 2022-09-29 | CVE-2014-0144 | QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process. | Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_openstack_platform, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 8.6 | ||
| 2022-09-29 | CVE-2014-0147 | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | Fedora, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_openstack_platform, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 6.2 | ||
| 2022-09-29 | CVE-2014-0148 | Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS. | Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_openstack_platform, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Virtualization | 5.5 | ||
| 2022-03-23 | CVE-2021-3748 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. | Ubuntu_linux, Debian_linux, Fedora, Qemu, Enterprise_linux, Enterprise_linux_advanced_virtualization_eus | 7.5 | ||
| 2022-08-29 | CVE-2022-0358 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group,... | Qemu, Enterprise_linux | 7.8 |