VYPR

Qemu

by QEMU

CVEs (438)

  • CVE-2020-12829 (Aug 31, 2020)
    risk 0.00 | cvss | epss 0.00

    In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU…

  • CVE-2020-14415 (Aug 27, 2020)
    risk 0.00 | cvss | epss 0.00

    oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

  • CVE-2020-16092 (Aug 11, 2020)
    risk 0.00 | cvss | epss 0.00

    In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition…

  • CVE-2020-15863 (Jul 28, 2020)
    risk 0.00 | cvss | epss 0.00

    hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host,…

  • CVE-2020-15859 (Jul 21, 2020)
    risk 0.00 | cvss | epss 0.00

    QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

  • CVE-2020-10756 (Jul 9, 2020)
    risk 0.00 | cvss | epss 0.01

    An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents…

  • CVE-2020-15469 (Jul 2, 2020)
    risk 0.00 | cvss | epss 0.00

    In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

  • CVE-2020-10761 (Jun 9, 2020)
    risk 0.00 | cvss | epss 0.02

    An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use…

  • CVE-2020-10702 (Jun 4, 2020)
    risk 0.00 | cvss | epss 0.00

    A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same…

  • CVE-2020-13765 (Jun 4, 2020)
    risk 0.00 | cvss | epss 0.02

    rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

  • CVE-2020-13791 (Jun 4, 2020)
    risk 0.00 | cvss | epss 0.00

    hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.

  • CVE-2020-13800 (Jun 4, 2020)
    risk 0.00 | cvss | epss 0.00

    ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

  • CVE-2020-13754 (Jun 2, 2020)
    risk 0.00 | cvss | epss 0.00

    hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

  • CVE-2020-13659 (Jun 2, 2020)
    risk 0.00 | cvss | epss 0.00

    address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.

  • CVE-2020-13362 (May 28, 2020)
    risk 0.00 | cvss | epss 0.00

    In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

  • CVE-2020-13361 (May 28, 2020)
    risk 0.00 | cvss | epss 0.00

    In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

  • CVE-2020-13253 (May 27, 2020)
    risk 0.00 | cvss | epss 0.00

    sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

  • CVE-2020-10717 (May 4, 2020)
    risk 0.00 | cvss | epss 0.00

    A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation in QEMU versions >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maximum number of file descriptors…

  • CVE-2020-11869 (Apr 27, 2020)
    risk 0.00 | cvss | epss 0.00

    An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this…

  • CVE-2020-11102 (Apr 6, 2020)
    risk 0.00 | cvss | epss 0.02

    hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
