VYPR

Qemu

by QEMU

Source repositories

CVEs (438)

  • CVE-2016-9907MedDec 23, 2016
    risk 0.42cvss 6.5epss 0.00

    Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a…

  • CVE-2016-2392MedJun 16, 2016
    risk 0.42cvss 6.5epss 0.00

    The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process…

  • CVE-2016-4020MedMay 25, 2016
    risk 0.42cvss 6.5epss 0.00

    The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

  • CVE-2016-2858MedApr 7, 2016
    risk 0.42cvss 6.5epss 0.00

    QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.

  • CVE-2025-12464MedOct 31, 2025
    risk 0.40cvss 6.2epss 0.00

    A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devices and moved to the net core code. The issue stems from the device's receive code still being able to process a short frame in…

  • CVE-2023-3019MedJul 24, 2023
    risk 0.39cvss 6.0epss 0.00

    A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.

  • CVE-2018-5683MedJan 23, 2018
    risk 0.39cvss 6.0epss 0.01

    The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

  • CVE-2015-7549MedOct 30, 2017
    risk 0.39cvss 6.0epss 0.00

    The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

  • CVE-2017-15289MedOct 16, 2017
    risk 0.39cvss 6.0epss 0.00

    The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.

  • CVE-2017-7377MedApr 10, 2017
    risk 0.39cvss 6.0epss 0.00

    The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.

  • CVE-2016-10155MedMar 15, 2017
    risk 0.39cvss 6.0epss 0.00

    Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.

  • CVE-2016-7995MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.

  • CVE-2016-7994MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.

  • CVE-2016-7466MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

  • CVE-2016-7422MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

  • CVE-2016-7116MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.01

    Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.

  • CVE-2016-6836MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.

  • CVE-2016-6835MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.

  • CVE-2016-4964MedDec 10, 2016
    risk 0.39cvss 6.0epss 0.00

    The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.

  • CVE-2016-9106MedDec 9, 2016
    risk 0.39cvss 6.0epss 0.00

    Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.

Page 5 of 22