VYPR

Qemu

by QEMU

Source repositories

CVEs (438)

  • CVE-2015-8558MedMay 23, 2016
    risk 0.36cvss 5.5epss 0.00

    The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.

  • CVE-2016-3712MedMay 11, 2016
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2015-5158MedApr 12, 2016
    risk 0.36cvss 5.5epss 0.00

    Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.

  • CVE-2017-2633MedJul 27, 2018
    risk 0.35cvss 5.4epss 0.03

    An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU…

  • CVE-2017-7539MedJul 26, 2018
    risk 0.35cvss 5.3epss 0.06

    An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A…

  • CVE-2026-2243MedFeb 19, 2026
    risk 0.33cvss 5.1epss 0.00

    A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

  • CVE-2016-2391MedJun 16, 2016
    risk 0.33cvss 5.0epss 0.00

    The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.

  • CVE-2024-3447MedNov 14, 2024
    risk 0.32cvss 6.0epss 0.01

    A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on…

  • CVE-2016-9603MedJul 27, 2018
    risk 0.29cvss 5.5epss 0.04

    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest…

  • CVE-2017-18030MedJan 23, 2018
    risk 0.29cvss 4.4epss 0.00

    The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

  • CVE-2017-11334MedAug 2, 2017
    risk 0.29cvss 4.4epss 0.01

    The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.

  • CVE-2016-7421MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.

  • CVE-2016-7170MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing…

  • CVE-2016-7157MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.

  • CVE-2016-7156MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.

  • CVE-2016-7155MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings.

  • CVE-2016-6888MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL…

  • CVE-2016-6834MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.

  • CVE-2016-6833MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.

  • CVE-2016-6490MedDec 10, 2016
    risk 0.29cvss 4.4epss 0.00

    The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.

Page 9 of 22