Note:
This project will be discontinued after December 13, 2021.
Product: Qemu (Qemu)
Repositories:
• https://github.com/qemu/qemu
• https://github.com/bonzini/qemu
• https://github.com/torvalds/linux
#Vulnerabilities: 406
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-12-06 | CVE-2018-19665 | The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. | Leap, Qemu | 5.7 | ||
2016-12-23 | CVE-2016-9923 | Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use-after-free issue. It could occur while hotplugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host, resulting in DoS. | Qemu | 5.5 | ||
2016-12-23 | CVE-2016-9912 | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying a GPU resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. | Qemu | 6.5 | ||
2016-12-23 | CVE-2016-9908 | Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes. | Qemu | 3.3 | ||
2016-12-09 | CVE-2016-9101 | Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device. | Debian_linux, Leap, Qemu | 6.0 | ||
2016-04-26 | CVE-2016-4002 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. | Ubuntu_linux, Debian_linux, Fedora, Qemu | 9.8 | ||
2017-04-13 | CVE-2015-8619 | The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | Debian_linux, Qemu | 7.5 | ||
2017-04-13 | CVE-2015-8345 | The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. | Debian_linux, Qemu | 6.5 | ||
2018-06-21 | CVE-2018-12617 | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. | Ubuntu_linux, Debian_linux, Qemu | 7.5 | ||
2017-09-08 | CVE-2017-14167 | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | Debian_linux, Qemu | 8.8 | ||