Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 392 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4111 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Enterprise Linux Server Supplementary 2023-02-12 6.8 MEDIUM N/A
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.
CVE-2011-1750 1 Qemu 1 Qemu 2023-02-12 7.4 HIGH N/A
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
CVE-2011-1751 1 Qemu 1 Qemu 2023-02-12 7.4 HIGH N/A
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
CVE-2010-0741 3 Kvm Qumranet, Linux, Qemu 3 Kvm, Linux Kernel, Qemu 2023-02-12 7.8 HIGH N/A
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
CVE-2010-0297 1 Qemu 1 Qemu 2023-02-12 7.2 HIGH N/A
Buffer overflow in the usb_host_handle_control function in the USB passthrough handling implementation in usb-linux.c in QEMU before 0.11.1 allows guest OS users to cause a denial of service (guest OS crash or hang) or possibly execute arbitrary code on the host OS via a crafted USB packet.
CVE-2011-3346 3 Qemu, Redhat, Xen 3 Qemu, Enterprise Linux, Xen 2023-02-12 4.0 MEDIUM N/A
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
CVE-2011-2212 1 Qemu 1 Qemu 2023-02-12 7.4 HIGH N/A
Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."
CVE-2015-8744 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
CVE-2015-8504 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 3.5 LOW 6.5 MEDIUM
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVE-2015-8745 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
CVE-2015-7549 1 Qemu 1 Qemu 2023-02-12 2.1 LOW 6.0 MEDIUM
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
CVE-2015-7512 4 Debian, Oracle, Qemu and 1 more 9 Debian Linux, Linux, Qemu and 6 more 2023-02-12 6.8 MEDIUM 9.0 CRITICAL
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2015-7504 3 Debian, Qemu, Xen 3 Debian Linux, Qemu, Xen 2023-02-12 4.6 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVE-2015-5279 1 Qemu 1 Qemu 2023-02-12 7.2 HIGH N/A
Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
CVE-2015-5225 3 Fedoraproject, Qemu, Redhat 3 Fedora, Qemu, Openstack 2023-02-12 7.2 HIGH N/A
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
CVE-2015-5154 4 Fedoraproject, Qemu, Suse and 1 more 8 Fedora, Qemu, Linux Enterprise Debuginfo and 5 more 2023-02-12 7.2 HIGH N/A
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
CVE-2015-3214 6 Arista, Debian, Lenovo and 3 more 19 Eos, Debian Linux, Emc Px12-400r Ivx and 16 more 2023-02-12 6.9 MEDIUM N/A
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVE-2015-3209 8 Arista, Canonical, Debian and 5 more 19 Eos, Ubuntu Linux, Debian Linux and 16 more 2023-02-12 7.5 HIGH N/A
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
CVE-2015-1779 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2023-02-12 7.8 HIGH 8.6 HIGH
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
CVE-2014-9718 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 4.9 MEDIUM N/A
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.