Qemu - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Qemu
(Qemu)

Repositories	• https://github.com/qemu/qemu • https://github.com/bonzini/qemu • https://github.com/torvalds/linux
#Vulnerabilities	406

Date	Id	Summary	Products	Score	Patch	Annotated
2018-03-12	CVE-2018-7858	Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.	Ubuntu_linux, Leap, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	5.5
2017-06-16	CVE-2017-9503	QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.	Debian_linux, Qemu	5.5
2017-12-07	CVE-2017-17381	The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.	Debian_linux, Qemu	6.5
2017-10-16	CVE-2017-15289	The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.	Qemu	6.0
2017-09-01	CVE-2017-13672	QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.	Debian_linux, Qemu	5.5
2017-08-23	CVE-2017-12809	QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.	Debian_linux, Qemu	6.5
2017-07-25	CVE-2017-11434	The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.	Debian_linux, Qemu	5.5
2017-08-02	CVE-2017-11334	The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.	Debian_linux, Qemu	4.4
2017-08-02	CVE-2017-10806	Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.	Debian_linux, Qemu	5.5
2016-12-29	CVE-2016-9846	QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.	Qemu	6.5