VYPR

apk package

wolfi/qemu-edk2-aarch64

pkg:apk/wolfi/qemu-edk2-aarch64

Vulnerabilities (4)

  • CVE-2024-8354Sep 19, 2024
    affected < 11.0.1-r0fixed 11.0.1-r0

    A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of serv

  • CVE-2024-6505Jul 5, 2024
    affected < 11.0.1-r0fixed 11.0.1-r0

    A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap ove

  • CVE-2023-2680Sep 13, 2023
    affected < 0fixed 0

    This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

  • CVE-2018-18438Oct 19, 2018
    affected < 0fixed 0

    Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.