rpm package
opensuse/qemu&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3682 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 5, 2021 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit | ||
| CVE-2021-3546 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 2, 2021 | An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to cras | ||
| CVE-2021-3545 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 2, 2021 | An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized me | ||
| CVE-2021-3544 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 2, 2021 | Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effectiv | ||
| CVE-2020-35503 | — | < 6.2.0-41.1 | 6.2.0-41.1 | Jun 2, 2021 | A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us | ||
| CVE-2013-4536 | — | < 2.6.1-1.5 | 2.6.1-1.5 | May 28, 2021 | An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU pro | ||
| CVE-2021-3527 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 26, 2021 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array | ||
| CVE-2021-20221 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 13, 2021 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide | ||
| CVE-2021-20181 | — | < 6.1.0-32.1 | 6.1.0-32.1 | May 13, 2021 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con | ||
| CVE-2021-3416 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Mar 18, 2021 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles | ||
| CVE-2021-20263 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Mar 9, 2021 | A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstance | ||
| CVE-2021-20203 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Feb 25, 2021 | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the hos | ||
| CVE-2020-17380 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jan 30, 2021 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the | ||
| CVE-2020-27821 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 8, 2020 | A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the | ||
| CVE-2020-25723 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Dec 2, 2020 | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the | ||
| CVE-2020-29129 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Nov 26, 2020 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | ||
| CVE-2020-25085 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Sep 25, 2020 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | ||
| CVE-2020-14364 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 31, 2020 | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw all | ||
| CVE-2020-16092 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 11, 2020 | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition | ||
| CVE-2020-10761 | — | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 9, 2020 | An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use thi |
- CVE-2021-3682Aug 5, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() wit
- CVE-2021-3546Jun 2, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to cras
- CVE-2021-3545Jun 2, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized me
- CVE-2021-3544Jun 2, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effectiv
- CVE-2020-35503Jun 2, 2021affected < 6.2.0-41.1fixed 6.2.0-41.1
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest us
- CVE-2013-4536May 28, 2021affected < 2.6.1-1.5fixed 2.6.1-1.5
An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU pro
- CVE-2021-3527May 26, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array
- CVE-2021-20221May 13, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide
- CVE-2021-20181May 13, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to con
- CVE-2021-3416Mar 18, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles
- CVE-2021-20263Mar 9, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstance
- CVE-2021-20203Feb 25, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the hos
- CVE-2020-17380Jan 30, 2021affected < 6.1.0-32.1fixed 6.1.0-32.1
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the
- CVE-2020-27821Dec 8, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the
- CVE-2020-25723Dec 2, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the
- CVE-2020-29129Nov 26, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
- CVE-2020-25085Sep 25, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
- CVE-2020-14364Aug 31, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw all
- CVE-2020-16092Aug 11, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition
- CVE-2020-10761Jun 9, 2020affected < 6.1.0-32.1fixed 6.1.0-32.1
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use thi
Page 3 of 12