VYPR

Qemu

by QEMU

CVEs (438)

  • CVE-2016-9381 | High | Jan 23, 2017
    risk 0.49 | cvss 7.5 | epss 0.00

    Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

  • CVE-2015-6855 | High | Nov 6, 2015
    risk 0.49 | cvss 7.5 | epss 0.04

    hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty…

  • CVE-2014-0143 | High | Aug 10, 2017
    risk 0.46 | cvss 7.0 | epss 0.00

    Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in…

  • CVE-2017-8284 | High | Apr 26, 2017
    risk 0.46 | cvss 7.0 | epss 0.00

    The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid…

  • CVE-2015-8743 | High | Dec 29, 2016
    risk 0.46 | cvss 7.1 | epss 0.00

    QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.

  • CVE-2016-2538 | High | Jun 16, 2016
    risk 0.46 | cvss 7.1 | epss 0.00

    Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that…

  • CVE-2016-6351 | Medium | Sep 7, 2016
    risk 0.44 | cvss 6.7 | epss 0.00

    The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU…

  • CVE-2016-4439 | Medium | May 20, 2016
    risk 0.44 | cvss 6.7 | epss 0.00

    The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially…

  • CVE-2016-9602 | High | Apr 26, 2018
    risk 0.43 | cvss 7.6 | epss 0.04

    QEMU before version 2.9 is vulnerable to improper link following when built with VirtFS. A privileged user inside the guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on the host.

  • CVE-2026-0665 | Medium | Feb 18, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential memory corruption.

  • CVE-2025-11234 | High | Oct 3, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client…

  • CVE-2017-17381 | Medium | Dec 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

  • CVE-2017-13673 | Medium | Aug 29, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.

  • CVE-2017-12809 | Medium | Aug 23, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.

  • CVE-2017-8379 | Medium | May 23, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.

  • CVE-2017-8112 | Medium | May 2, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

  • CVE-2017-8086 | Medium | May 2, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.

  • CVE-2015-8345 | Medium | Apr 13, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

  • CVE-2015-8613 | Medium | Apr 11, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

  • CVE-2015-8568 | Medium | Apr 11, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
