Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Qemu Subscribe
Total 392 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35504 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2022-09-22 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3735 2 Debian, Qemu 2 Debian Linux, Qemu 2022-09-01 N/A 4.4 MEDIUM
A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.
CVE-2020-35506 1 Qemu 1 Qemu 2022-08-31 4.6 MEDIUM 6.7 MEDIUM
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.
CVE-2021-20255 2 Debian, Qemu 2 Debian Linux, Qemu 2022-08-05 2.1 LOW 5.5 MEDIUM
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2015-5239 5 Arista, Canonical, Fedoraproject and 2 more 8 Eos, Ubuntu Linux, Fedora and 5 more 2022-06-04 4.0 MEDIUM 6.5 MEDIUM
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
CVE-2020-35503 2 Fedoraproject, Qemu 2 Fedora, Qemu 2022-05-13 2.1 LOW 6.0 MEDIUM
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2020-27661 1 Qemu 1 Qemu 2022-05-13 2.1 LOW 6.5 MEDIUM
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2019-12067 4 Debian, Fedoraproject, Qemu and 1 more 5 Debian Linux, Fedora, Qemu and 2 more 2022-05-13 2.1 LOW 6.5 MEDIUM
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2020-13800 3 Canonical, Opensuse, Qemu 3 Ubuntu Linux, Leap, Qemu 2022-04-28 4.9 MEDIUM 6.0 MEDIUM
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVE-2019-8934 2 Opensuse, Qemu 2 Leap, Qemu 2022-04-05 2.1 LOW 3.3 LOW
hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.
CVE-2020-1711 4 Debian, Opensuse, Qemu and 1 more 5 Debian Linux, Leap, Qemu and 2 more 2022-04-05 6.0 MEDIUM 6.0 MEDIUM
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
CVE-2015-5745 3 Arista, Fedoraproject, Qemu 3 Eos, Fedora, Qemu 2022-02-19 4.0 MEDIUM 6.5 MEDIUM
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
CVE-2020-27616 1 Qemu 1 Qemu 2022-01-01 4.0 MEDIUM 6.5 MEDIUM
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
CVE-2015-6855 6 Arista, Canonical, Debian and 3 more 7 Eos, Ubuntu Linux, Debian Linux and 4 more 2021-12-15 5.0 MEDIUM 7.5 HIGH
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
CVE-2015-6815 7 Arista, Canonical, Fedoraproject and 4 more 11 Eos, Ubuntu Linux, Fedora and 8 more 2021-11-30 2.7 LOW 3.5 LOW
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVE-2015-5278 4 Arista, Canonical, Fedoraproject and 1 more 4 Eos, Ubuntu Linux, Fedora and 1 more 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-3456 3 Qemu, Redhat, Xen 5 Qemu, Enterprise Linux, Enterprise Virtualization and 2 more 2021-11-17 7.7 HIGH N/A
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
CVE-2017-2630 1 Qemu 1 Qemu 2021-09-08 6.5 MEDIUM 8.8 HIGH
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
CVE-2018-18438 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2021-08-04 2.1 LOW 5.5 MEDIUM
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2016-3710 7 Canonical, Citrix, Debian and 4 more 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more 2021-08-04 7.2 HIGH 8.8 HIGH
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.