VYPR

Qemu

by Xen

CVEs (5)

  • CVE-2024-3446HigApr 9, 2024
    risk 0.53cvss 8.2epss 0.00

    A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU…

  • CVE-2023-3019MedJul 24, 2023
    risk 0.39cvss 6.0epss 0.00

    A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

  • CVE-2023-6693Jan 2, 2024
    risk 0.00cvss epss 0.00

    A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious…

  • CVE-2023-4135Aug 4, 2023
    risk 0.00cvss epss 0.00

    A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an…

  • CVE-2007-0998Mar 20, 2007
    risk 0.00cvss epss 0.02

    The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a…