Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Qemu Subscribe
Total 392 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8817 1 Qemu 1 Qemu 2023-02-12 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
CVE-2015-8666 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 3.3 LOW 7.9 HIGH
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVE-2022-0216 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-02-12 N/A 4.4 MEDIUM
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
CVE-2022-26354 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 3.2 LOW
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
CVE-2021-20257 4 Debian, Fedoraproject, Qemu and 1 more 8 Debian Linux, Fedora, Qemu and 5 more 2023-02-12 2.1 LOW 6.5 MEDIUM
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20196 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 2.1 LOW 6.5 MEDIUM
A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-20221 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2023-02-12 2.1 LOW 6.0 MEDIUM
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
CVE-2022-26353 2 Debian, Qemu 2 Debian Linux, Qemu 2023-02-12 5.0 MEDIUM 7.5 HIGH
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
CVE-2022-4172 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-02-01 N/A 6.5 MEDIUM
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
CVE-2022-4144 3 Fedoraproject, Qemu, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Qemu and 1 more 2023-01-27 N/A 6.5 MEDIUM
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
CVE-2020-10702 1 Qemu 1 Qemu 2023-01-27 2.1 LOW 5.5 MEDIUM
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
CVE-2019-20382 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-01-23 2.7 LOW 3.5 LOW
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
CVE-2022-3165 2 Fedoraproject, Qemu 2 Fedora, Qemu 2023-01-20 N/A 6.5 MEDIUM
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.
CVE-2021-3748 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2023-01-03 6.9 MEDIUM 7.5 HIGH
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
CVE-2022-0358 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2022-12-09 N/A 7.8 HIGH
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
CVE-2022-35414 2 Debian, Qemu 2 Debian Linux, Qemu 2022-12-09 6.1 MEDIUM 8.8 HIGH
** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time."
CVE-2021-4207 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2022-11-29 4.6 MEDIUM 8.2 HIGH
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CVE-2020-13362 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-11-28 2.1 LOW 3.2 LOW
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2020-13361 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-11-28 3.3 LOW 3.9 LOW
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2020-14364 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2022-11-16 4.4 MEDIUM 5.0 MEDIUM
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.