Vulnerabilities (CVE)

Filtered by vendor Qemu Subscribe
Filtered by product Qemu
Total 415 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5238 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
CVE-2016-7161 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 10.0 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
CVE-2016-9907 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2025-04-12 4.9 MEDIUM 6.5 MEDIUM
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVE-2016-4453 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 4.9 MEDIUM 4.4 MEDIUM
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
CVE-2016-2858 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 1.9 LOW 6.5 MEDIUM
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CVE-2016-7466 3 Opensuse, Qemu, Redhat 5 Leap, Qemu, Enterprise Linux and 2 more 2025-04-12 1.9 LOW 6.0 MEDIUM
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
CVE-2014-0150 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2025-04-12 4.9 MEDIUM N/A
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
CVE-2016-6834 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
CVE-2016-9101 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2025-04-12 2.1 LOW 6.0 MEDIUM
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
CVE-2013-4544 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2025-04-12 4.9 MEDIUM N/A
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
CVE-2016-5107 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 1.9 LOW 6.0 MEDIUM
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
CVE-2016-4952 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 1.9 LOW 6.0 MEDIUM
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
CVE-2014-5263 1 Qemu 1 Qemu 2025-04-12 6.8 MEDIUM N/A
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors.
CVE-2016-8576 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2025-04-12 2.1 LOW 6.0 MEDIUM
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CVE-2016-6833 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active.
CVE-2016-1714 3 Oracle, Qemu, Redhat 3 Linux, Qemu, Openstack 2025-04-12 6.9 MEDIUM 8.1 HIGH
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
CVE-2014-0222 2 Qemu, Suse 2 Qemu, Linux Enterprise Server 2025-04-12 7.5 HIGH N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVE-2016-7170 3 Debian, Opensuse, Qemu 3 Debian Linux, Leap, Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
CVE-2015-7512 4 Debian, Oracle, Qemu and 1 more 9 Debian Linux, Linux, Qemu and 6 more 2025-04-12 6.8 MEDIUM 9.0 CRITICAL
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
CVE-2014-3461 1 Qemu 1 Qemu 2025-04-12 6.8 MEDIUM N/A
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."