VYPR

Qemu

by QEMU

CVEs (438)

  • CVE-2022-49297 (Feb 26, 2025)
    risk 0.00 / cvss / epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g217691551…

  • CVE-2024-7730 (Nov 14, 2024)
    risk 0.00 / cvss / epss 0.00

    A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of…

  • CVE-2024-6519 (Oct 21, 2024)
    risk 0.00 / cvss / epss 0.00

    A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.

  • CVE-2024-8354 (Sep 19, 2024)
    risk 0.00 / cvss / epss 0.00

    A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of…

  • CVE-2024-6505 (Jul 5, 2024)
    risk 0.00 / cvss / epss 0.01

    A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap…

  • CVE-2024-3567 (Apr 10, 2024)
    risk 0.00 / cvss / epss 0.00

    A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service…

  • CVE-2024-24474 (Feb 20, 2024)
    risk 0.00 / cvss / epss 0.01

    QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.

  • CVE-2024-26327 (Feb 19, 2024)
    risk 0.00 / cvss / epss 0.01

    An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

  • CVE-2024-26328 (Feb 19, 2024)
    risk 0.00 / cvss / epss 0.00

    An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.

  • CVE-2023-6683 (Jan 12, 2024)
    risk 0.00 / cvss / epss 0.01

    A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference.…

  • CVE-2023-2861 (Dec 6, 2023)
    risk 0.00 / cvss / epss 0.00

    A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the…

  • CVE-2023-5088 (Nov 3, 2023)
    risk 0.00 / cvss / epss 0.00

    A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk…

  • CVE-2023-2680 (Sep 13, 2023)
    risk 0.00 / cvss / epss 0.00

    This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.

  • CVE-2023-3255 (Sep 13, 2023)
    risk 0.00 / cvss / epss 0.01

    A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is…

  • CVE-2023-3301 (Sep 13, 2023)
    risk 0.00 / cvss / epss 0.00

    A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.

  • CVE-2023-42467 (Sep 11, 2023)
    risk 0.00 / cvss / epss 0.00

    QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.

  • CVE-2020-24165 (Aug 28, 2023)
    risk 0.00 / cvss / epss 0.01

    An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.

  • CVE-2022-36648 (Aug 22, 2023)
    risk 0.00 / cvss / epss 0.01

    The hardware emulation in of_dpa_cmd_add_l2_flood of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. Note: This has been…

  • CVE-2023-40360 (Aug 14, 2023)
    risk 0.00 / cvss / epss 0.00

    QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.

  • CVE-2023-4135 (Aug 4, 2023)
    risk 0.00 / cvss / epss 0.00

    A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an…

Page 11 of 22