Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Qemu
(Qemu)| Repositories |
• https://github.com/qemu/qemu
• https://github.com/bonzini/qemu • https://github.com/torvalds/linux |
| #Vulnerabilities | 406 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-06 | CVE-2023-0330 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | Debian_linux, Qemu | 6.0 | ||
| 2023-03-23 | CVE-2023-1544 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | Fedora, Qemu | 6.3 | ||
| 2023-07-24 | CVE-2023-1386 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. | Fedora, Qemu | 7.8 | ||
| 2023-07-11 | CVE-2023-3354 | A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. | Fedora, Qemu, Enterprise_linux, Openstack_platform | 7.5 | ||
| 2023-12-06 | CVE-2023-2861 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | Qemu | 7.1 | ||
| 2024-01-02 | CVE-2023-6693 | A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. | Fedora, Qemu, Enterprise_linux | 5.3 | ||
| 2009-10-23 | CVE-2009-3616 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. | Qemu, Enterprise_linux_server, Enterprise_linux_workstation | 9.9 | ||
| 2018-03-01 | CVE-2018-7550 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | Ubuntu_linux, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 | ||
| 2022-08-24 | CVE-2021-4158 | A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | Qemu, Enterprise_linux | 6.0 | ||
| 2023-09-13 | CVE-2023-2680 | This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750. | Qemu, Enterprise_linux | 8.2 |