VYPR

rpm package

opensuse/qemu&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed

Vulnerabilities (224)

  • CVE-2026-2243MedFeb 19, 2026
    affected < 10.2.2-1.1fixed 10.2.2-1.1

    A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

  • CVE-2026-0665MedFeb 18, 2026
    affected < 10.2.0-2.1fixed 10.2.0-2.1

    An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

  • CVE-2025-14876MedFeb 18, 2026
    affected < 10.2.1-1.1fixed 10.2.1-1.1

    A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU process

  • CVE-2025-12464MedOct 31, 2025
    affected < 10.1.3-1.1fixed 10.1.3-1.1

    A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in loop

  • CVE-2025-11234HigOct 3, 2025
    affected < 10.1.3-1.1fixed 10.1.3-1.1

    A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client w

  • CVE-2025-54566MedJul 25, 2025
    affected < 10.0.3-1.1fixed 10.0.3-1.1

    hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.

  • CVE-2024-3447MedNov 14, 2024
    affected < 8.2.2-2.1fixed 8.2.2-2.1

    A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on t

  • CVE-2024-8612LowSep 20, 2024
    affected < 9.1.0-2.1fixed 9.1.0-2.1

    A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest.

  • CVE-2024-7409HigAug 5, 2024
    affected < 9.1.0-2.1fixed 9.1.0-2.1

    A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline.

  • CVE-2024-4467HigJul 2, 2024
    affected < 9.1.0-2.1fixed 9.1.0-2.1

    A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of

  • CVE-2024-3567MedApr 10, 2024
    affected < 8.2.2-2.1fixed 8.2.2-2.1

    A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condit

  • CVE-2024-3446HigApr 9, 2024
    affected < 8.2.2-2.1fixed 8.2.2-2.1

    A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU proce

  • CVE-2024-26328MedFeb 19, 2024
    affected < 8.2.2-2.1fixed 8.2.2-2.1

    An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.

  • CVE-2023-6693MedJan 2, 2024
    affected < 8.2.1-1.1fixed 8.2.1-1.1

    A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious use

  • CVE-2023-2861MedDec 6, 2023
    affected < 8.0.3-1.1fixed 8.0.3-1.1

    A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the share

  • CVE-2023-3301MedSep 13, 2023
    affected < 8.0.3-1.1fixed 8.0.3-1.1

    A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

  • CVE-2023-3255MedSep 13, 2023
    affected < 8.0.3-2.1fixed 8.0.3-2.1

    A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is

  • CVE-2023-42467MedSep 11, 2023
    affected < 8.1.2-1.1fixed 8.1.2-1.1

    QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

  • CVE-2023-3180MedAug 3, 2023
    affected < 8.0.4-1.1fixed 8.0.4-1.1

    A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the

  • CVE-2023-3354HigJul 11, 2023
    affected < 8.0.4-1.1fixed 8.0.4-1.1

    A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake ph

Page 1 of 12