VYPR

Qemu

by QEMU

Source repositories

CVEs (438)

  • CVE-2026-48914MedJun 12, 2026
    risk 0.37cvss 6.7epss 0.00

    A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI…

  • CVE-2025-14876MedFeb 18, 2026
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by causing the QEMU…

  • CVE-2024-4693MedMay 14, 2024
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the…

  • CVE-2018-15746MedAug 29, 2018
    risk 0.36cvss 5.5epss 0.01

    qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.

  • CVE-2017-2620MedJul 27, 2018
    risk 0.36cvss 5.5epss 0.04

    Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU…

  • CVE-2018-7858MedMar 12, 2018
    risk 0.36cvss 5.5epss 0.01

    Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

  • CVE-2017-18043MedJan 31, 2018
    risk 0.36cvss 5.5epss 0.00

    Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

  • CVE-2014-3471MedJan 12, 2018
    risk 0.36cvss 5.5epss 0.00

    Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.

  • CVE-2017-15038MedOct 10, 2017
    risk 0.36cvss 5.6epss 0.00

    Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.

  • CVE-2017-13672MedSep 1, 2017
    risk 0.36cvss 5.5epss 0.01

    QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.

  • CVE-2014-0146MedAug 10, 2017
    risk 0.36cvss 5.5epss 0.00

    The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots…

  • CVE-2014-0142MedAug 10, 2017
    risk 0.36cvss 5.5epss 0.00

    QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.

  • CVE-2017-10806MedAug 2, 2017
    risk 0.36cvss 5.5epss 0.00

    Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.

  • CVE-2017-11434MedJul 25, 2017
    risk 0.36cvss 5.5epss 0.00

    The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.

  • CVE-2017-9503MedJun 16, 2017
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.

  • CVE-2017-9375MedJun 16, 2017
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.

  • CVE-2017-9374MedJun 16, 2017
    risk 0.36cvss 5.5epss 0.00

    Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.

  • CVE-2017-9373MedJun 16, 2017
    risk 0.36cvss 5.5epss 0.00

    Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.

  • CVE-2017-9330MedJun 8, 2017
    risk 0.36cvss 5.6epss 0.00

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.

  • CVE-2017-9310MedJun 8, 2017
    risk 0.36cvss 5.6epss 0.00

    QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated…

Page 7 of 22