Vulnerabilities (CVE)

Filtered by vendor Qemu
Filtered by product Qemu
Total 392 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20216 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2020-05-12 5.0 MEDIUM 7.5 HIGH
QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled).
CVE-2013-4535 2 Qemu, Redhat 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2020-02-12 7.2 HIGH 8.8 HIGH
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
CVE-2020-7211 3 Libslirp Project, Microsoft, Qemu 3 Libslirp, Windows, Qemu 2020-01-23 5.0 MEDIUM 7.5 HIGH
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
CVE-2013-4532 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2020-01-15 4.6 MEDIUM 7.8 HIGH
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
CVE-2019-20175 1 Qemu 1 Qemu 2020-01-15 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert."
CVE-2017-2633 2 Qemu, Redhat 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
CVE-2017-15118 3 Canonical, Qemu, Redhat 3 Ubuntu Linux, Qemu, Enterprise Linux 2019-10-09 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
CVE-2017-15119 4 Canonical, Debian, Qemu and 1 more 4 Ubuntu Linux, Debian Linux, Qemu and 1 more 2019-10-09 5.0 MEDIUM 8.6 HIGH
The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.
CVE-2016-9602 2 Debian, Qemu 2 Debian Linux, Qemu 2019-10-09 9.0 HIGH 8.8 HIGH
Qemu before version 2.9 is vulnerable to improper link following when built with VirtFS. A privileged user inside the guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on the host.
CVE-2017-13673 1 Qemu 1 Qemu 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
CVE-2017-15268 1 Qemu 1 Qemu 2019-10-02 5.0 MEDIUM 7.5 HIGH
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-8284 1 Qemu 1 Qemu 2019-10-02 6.9 MEDIUM 7.0 HIGH
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
CVE-2019-15890 2 Libslirp Project, Qemu 2 Libslirp, Qemu 2019-09-20 5.0 MEDIUM 7.5 HIGH
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
CVE-2019-6501 2 Fedoraproject, Qemu 2 Fedora, Qemu 2019-08-06 2.1 LOW 5.5 MEDIUM
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
CVE-2018-20815 1 Qemu 1 Qemu 2019-07-02 7.5 HIGH 9.8 CRITICAL
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
CVE-2018-18954 3 Canonical, Opensuse, Qemu 3 Ubuntu Linux, Leap, Qemu 2019-05-31 2.1 LOW 5.5 MEDIUM
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVE-2018-18849 4 Canonical, Fedoraproject, Opensuse and 1 more 4 Ubuntu Linux, Fedora, Leap and 1 more 2019-05-31 2.1 LOW 5.5 MEDIUM
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
CVE-2019-12247 1 Qemu 1 Qemu 2019-05-30 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.
CVE-2019-5008 1 Qemu 1 Qemu 2019-05-14 5.0 MEDIUM 7.5 HIGH
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
CVE-2017-18043 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2019-03-07 2.1 LOW 5.5 MEDIUM
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).