rpm package
opensuse/qemu&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweed
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7471 | Cri | 9.0 | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 9, 2018 | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to acc | |
| CVE-2017-2615 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Jul 3, 2018 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result | |
| CVE-2018-11806 | Hig | 8.2 | < 6.1.0-32.1 | 6.1.0-32.1 | Jun 13, 2018 | m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | |
| CVE-2018-3639 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | |
| CVE-2016-9602 | Hig | 7.6 | < 6.1.0-32.1 | 6.1.0-32.1 | Apr 26, 2018 | Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. | |
| CVE-2018-7858 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Mar 12, 2018 | Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. | |
| CVE-2017-5715 | Med | 5.6 | < 6.1.0-32.1 | 6.1.0-32.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |
| CVE-2017-15289 | Med | 6.0 | < 6.1.0-32.1 | 6.1.0-32.1 | Oct 16, 2017 | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. | |
| CVE-2017-15268 | Hig | 7.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Oct 12, 2017 | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | |
| CVE-2017-15038 | Med | 5.6 | < 6.1.0-32.1 | 6.1.0-32.1 | Oct 10, 2017 | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. | |
| CVE-2017-14167 | Hig | 8.8 | < 6.1.0-32.1 | 6.1.0-32.1 | Sep 8, 2017 | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | |
| CVE-2017-13711 | Hig | 7.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Sep 1, 2017 | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | |
| CVE-2017-13673 | Med | 6.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 29, 2017 | The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. | |
| CVE-2017-8380 | Cri | 9.8 | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 28, 2017 | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. | |
| CVE-2014-0146 | Med | 5.5 | < 2.6.1-1.5 | 2.6.1-1.5 | Aug 10, 2017 | The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fie | |
| CVE-2014-0145 | Hig | 7.8 | < 2.6.1-1.5 | 2.6.1-1.5 | Aug 10, 2017 | Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncomp | |
| CVE-2014-0143 | Hig | 7.0 | < 2.6.1-1.5 | 2.6.1-1.5 | Aug 10, 2017 | Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the | |
| CVE-2014-0142 | Med | 5.5 | < 2.6.1-1.5 | 2.6.1-1.5 | Aug 10, 2017 | QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c. | |
| CVE-2017-11334 | Med | 4.4 | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 2, 2017 | The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. | |
| CVE-2017-10806 | Med | 5.5 | < 6.1.0-32.1 | 6.1.0-32.1 | Aug 2, 2017 | Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. |
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to acc
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
- affected < 6.1.0-32.1fixed 6.1.0-32.1
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
- affected < 2.6.1-1.5fixed 2.6.1-1.5
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fie
- affected < 2.6.1-1.5fixed 2.6.1-1.5
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncomp
- affected < 2.6.1-1.5fixed 2.6.1-1.5
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the
- affected < 2.6.1-1.5fixed 2.6.1-1.5
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
- affected < 6.1.0-32.1fixed 6.1.0-32.1
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
Page 6 of 12