A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
...
PT-2024-7651
Vulnerable software and affected versions: QEMU (affected versions not specified). Description: A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections table data within RSS becomes controllable. Setting excessively...
Rocky Linux 9 : qemu-kvm (RLSA-2024:2135)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2135 advisory. - A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest...
RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2024:0135)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0135 advisory. Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packag...
CVE-2023-42467
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately...
CVE-2023-3019
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service...
CVE-2023-3019 Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service...
K57536416: Kernel vulnerability CVE-2019-14835
Security advisory description: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid...
K16620: QEMU vulnerability CVE-2015-3456
Security advisory description: An out-of-bounds memory access flaw, also known as "VENOM," was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially...
SUSE CVE-2020-14394
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...
SUSE CVE-2022-0216
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU...
CVE-2020-14394
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...
CVE-2021-4206
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on th...
SUSE SLED15: qemu / qemu-arm / qemu-audio-alsa / qemu-audio-pa / etc (SUSE-SU-2022:0177-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0177-1 advisory. - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361). Tenable has extracted the...
Denial Of Service
qemu is vulnerable to denial of service. The vulnerability exists due to the handling of the 'Information Transfer' command (CMD_TI), which allows a privileged guest user to crash the QEMU process on the host...
Denial Of Service (DoS)
qemu:devel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEM...
CVE-2021-3546
An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process on t...
CVE-2021-20221
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on the aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to...