VYPR

Qemu

by QEMU

Source repositories

CVEs (438)

  • CVE-2016-9104MedDec 9, 2016
    risk 0.29cvss 4.4epss 0.00

    Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds…

  • CVE-2016-7423MedOct 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest…

  • CVE-2016-7909MedOct 5, 2016
    risk 0.29cvss 4.4epss 0.00

    The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.

  • CVE-2016-7908MedOct 5, 2016
    risk 0.29cvss 4.4epss 0.00

    The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors…

  • CVE-2016-7907MedOct 5, 2016
    risk 0.29cvss 4.4epss 0.00

    The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors…

  • CVE-2016-5105MedSep 2, 2016
    risk 0.29cvss 4.4epss 0.00

    The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware…

  • CVE-2016-5238MedJun 14, 2016
    risk 0.29cvss 4.4epss 0.00

    The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.

  • CVE-2016-4453MedJun 1, 2016
    risk 0.29cvss 4.4epss 0.00

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.

  • CVE-2025-8860LowFeb 18, 2026
    risk 0.21cvss 3.3epss 0.00

    A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data…

  • CVE-2016-9908LowDec 23, 2016
    risk 0.21cvss 3.3epss 0.00

    Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.

  • CVE-2024-8612LowSep 20, 2024
    risk 0.18cvss 3.8epss 0.00

    A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest.…

  • CVE-2019-12928Jun 24, 2019
    risk 0.07cvss epss 0.23

    The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been…

  • CVE-2015-3456May 13, 2015
    risk 0.04cvss epss 0.15

    The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND,…

  • CVE-2008-2382Dec 24, 2008
    risk 0.04cvss epss 0.07

    The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

  • CVE-2007-6227Dec 4, 2007
    risk 0.03cvss epss 0.01

    QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.

  • CVE-2020-14364Aug 31, 2020
    risk 0.01cvss epss 0.05

    An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw…

  • CVE-2015-5165Aug 12, 2015
    risk 0.01cvss epss 0.13

    The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

  • CVE-2015-3209Jun 15, 2015
    risk 0.01cvss epss 0.10

    Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • CVE-2025-54566Jul 25, 2025
    risk 0.00cvss epss 0.00

    hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.

  • CVE-2025-54567Jul 25, 2025
    risk 0.00cvss epss 0.00

    hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.

Page 10 of 22