VYPR

Qemu

by QEMU

CVEs (438)

  • CVE-2017-9060 | Med | Jun 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.

  • CVE-2017-7718 | Med | Apr 20, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_…

  • CVE-2017-5973 | Med | Mar 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

  • CVE-2016-9922 | Med | Mar 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.

  • CVE-2017-5987 | Med | Mar 20, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.

  • CVE-2017-5898 | Med | Mar 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data…

  • CVE-2016-10029 | Med | Feb 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than…

  • CVE-2016-10028 | Med | Feb 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with…

  • CVE-2016-9776 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process…

  • CVE-2016-2198 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside guest could use this flaw to crash the QEMU process…

  • CVE-2016-2197 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could use this flaw to crash…

  • CVE-2016-1981 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated…

  • CVE-2016-1922 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit Windows guests support is vulnerable to a null pointer dereference flaw. It occurs while doing I/O port write operations via hmp interface. In that, 'current_cpu' remains null, which leads to the null pointer…

  • CVE-2015-8818 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.

  • CVE-2015-8817 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest…

  • CVE-2015-8745 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance…

  • CVE-2015-8744 | Med | Dec 29, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process…

  • CVE-2016-9923 | Med | Dec 23, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use-after-free issue. It could occur while hotplugging and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host, resulting in DoS.

  • CVE-2016-5403 | Med | Aug 2, 2016
    risk 0.36 | cvss 5.5 | epss 0.01

    The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.

  • CVE-2016-5337 | Med | Jun 14, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
