Vendor: QEMU
The Quick Emulator (QEMU) is a free and open-source machine emulator and virtualizer. As a Virtual Machine Monitor (VMM) it supports a number of hypervisors, including the Linux Kernel-based Virtual Machine (KVM), Xen, macOS's HVF, Windows' Hyper-V and others. It can also emulate a number of instruction set architectures on any supported host through its JIT binary translator, the Tiny Code Generator (TCG). This allows it to emulate full systems or to run individual programs compiled for one processor architecture on any other.
Products: 1
CVEs: 194
Across products: 2,539
Status: Private
Recent CVEs: 194

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16845 | Cri | 0.65 | 10.0 | 0.02 | | Nov 17, 2017 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. |
| CVE-2017-8380 | Cri | 0.64 | 9.8 | 0.03 | | Aug 28, 2017 | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. |
| CVE-2016-4002 | Cri | 0.64 | 9.8 | 0.08 | | Apr 26, 2016 | Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes. |
| CVE-2009-3616 | Cri | 0.64 | 9.9 | 0.01 | | Oct 23, 2009 | Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities. |
| CVE-2015-7512 | Cri | 0.60 | 9.0 | 0.21 | | Jan 8, 2016 | Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. |
| CVE-2017-14167 | Hig | 0.57 | 8.8 | 0.00 | | Sep 8, 2017 | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. |
| CVE-2017-5931 | Hig | 0.57 | 8.8 | 0.00 | | Mar 27, 2017 | Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. |
| CVE-2016-3710 | Hig | 0.57 | 8.8 | 0.00 | | May 11, 2016 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. |
| CVE-2016-4001 | Hig | 0.56 | 8.6 | 0.07 | | May 23, 2016 | Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet. |
| CVE-2015-1779 | Hig | 0.56 | 8.6 | 0.06 | | Jan 12, 2016 | The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. |
| CVE-2016-2857 | Hig | 0.55 | 8.4 | 0.00 | | Apr 12, 2016 | The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. |
| CVE-2014-0145 | Hig | 0.51 | 7.8 | 0.00 | | Aug 10, 2017 | Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). |
| CVE-2017-7980 | Hig | 0.51 | 7.8 | 0.00 | | Jul 25, 2017 | Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. |
| CVE-2017-7493 | Hig | 0.51 | 7.8 | 0.00 | | May 17, 2017 | Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. |
| CVE-2016-5338 | Hig | 0.51 | 7.8 | 0.00 | | Jun 14, 2016 | The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. |
| CVE-2016-5126 | Hig | 0.51 | 7.8 | 0.00 | | Jun 1, 2016 | Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. |
| CVE-2018-17958 | Hig | 0.49 | 7.5 | 0.01 | | Oct 9, 2018 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. |
| CVE-2017-15268 | Hig | 0.49 | 7.5 | 0.02 | | Oct 12, 2017 | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. |
| CVE-2017-13711 | Hig | 0.49 | 7.5 | 0.01 | | Sep 1, 2017 | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. |
| CVE-2017-9524 | Hig | 0.49 | 7.5 | 0.02 | | Jul 6, 2017 | The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. |