Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Total 421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7156 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
CVE-2016-9106 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
CVE-2015-8817 1 Qemu 1 Qemu 2025-04-12 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
CVE-2014-0223 2 Qemu, Suse 2 Qemu, Linux Enterprise Server 2025-04-12 4.6 MEDIUM N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
CVE-2015-6855 6 Arista, Canonical, Debian and 3 more 7 Eos, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
CVE-2013-4151 1 Qemu 1 Qemu 2025-04-12 7.5 HIGH N/A
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.
CVE-2013-4544 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2025-04-12 4.9 MEDIUM N/A
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
CVE-2016-4441 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
CVE-2016-5107 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 1.9 LOW 6.0 MEDIUM
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2013-4149 1 Qemu 1 Qemu 2025-04-12 7.5 HIGH N/A
Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.
CVE-2013-4527 1 Qemu 1 Qemu 2025-04-12 7.5 HIGH N/A
Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.
CVE-2016-2392 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2025-04-12 2.1 LOW 6.5 MEDIUM
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
CVE-2016-9915 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 4.9 MEDIUM 6.5 MEDIUM
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
CVE-2016-2538 1 Qemu 1 Qemu 2025-04-12 3.6 LOW 7.1 HIGH
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
CVE-2016-9103 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
CVE-2016-7157 1 Qemu 1 Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.
CVE-2015-8744 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 2.1 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
CVE-2016-7994 2 Opensuse, Qemu 2 Leap, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.
CVE-2013-4526 1 Qemu 1 Qemu 2025-04-12 7.5 HIGH N/A
Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.
CVE-2016-7995 2 Opensuse, Qemu 2 Leap, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.