RLSA-2026:18465 Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for virtual machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: Improper Input Validation allows arbitrary command execution (CVE-2025-2296). For more details about the security...
CVE-2025-40265
CVE-2025-40265 affects the Linux kernel vfat filesystem code. A missing return-value check of sb_min_blocksize() could trigger a kernel panic during NVMe/qemu emulation when mounting a vfat filesystem with 8 KiB logical/physical block sizes and no format. The vulnerability is addressed by the ref...
EUVD-2025-201192
In the Linux kernel, the following vulnerability has been resolved: vfat: fix missing sb_min_blocksize() return value checks. When emulating an nvme device on qemu with both logical_block_size and physical_block_size set to 8 KiB, but without format, a kernel panic was triggered during the early boot stag...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990169)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990169 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device. In our tests, qemu-nbd triggers an io hang: INFO: task...
EUVD-2021-27145
Malware in sbrugna...
AZL-60196 CVE-2024-3447 affecting package qemu for versions less than 6.2.0-24
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer[]` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...
A vulnerability in the QEMU hardware emulation software, related to synchronization errors, allows an attacker to cause a denial of service.
A vulnerability in the QEMU hardware emulation software is related to synchronization errors. Exploiting this vulnerability can allow a remote attacker to cause a denial of service...
CVE-2023-28381
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
SUSE CVE-2016-2841
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control...
AZL-10721 CVE-2021-3929 affecting package qemu for versions less than 6.2.0-13
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed, leading to a use-after-free issue. A malicious guest could...
CVE-2021-3750
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...
UBUNTU-CVE-2021-4207
A flaw was found in the QXL display device emulation in QEMU. A double fetch of the guest-controlled values cursor->header.width and cursor->header.height can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use...
A vulnerability in the USB EHCI emulation driver of the QEMU hardware emulation software, stemming from improper resource management, allows a malicious actor to cause a denial of service.
A vulnerability in the QEMU USB EHCI emulation software is related to an error in processing USB requests. Exploiting this vulnerability can allow an attacker to cause a system failure...
A vulnerability in the ati-vga hardware emulation component of QEMU, related to uncontrolled recursion, allows an attacker to cause a denial of service.
A vulnerability in the ati-vga hardware emulation component of QEMU is related to uncontrolled recursion. Exploiting this vulnerability can allow an attacker to cause a system failure...
A vulnerability in the `virtio_gpu_set_scanout` function in the `hw/display/virtio-gpu.c` component of the QEMU hardware emulation software is due to memory not being released before the last reference to it is dropped. This allows a malicious actor to cause a denial of service.
A vulnerability in the `virtio_gpu_set_scanout` function in the `hw/display/virtio-gpu.c` component of the QEMU hardware emulation software is related to memory not being freed before the last pointer to it is deleted. Exploiting this vulnerability allows an attacker to trigger a service...
DEBIAN-CVE-2020-35506
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of servi...
A vulnerability in the ide_dma_cb() function of QEMU's hardware emulation software lies in its insufficient checking of unusual or exceptional states. This allows a malicious actor to cause a denial of service.
A vulnerability in the ide_dma_cb() function in the hardware emulation for various QEMU platforms is related to a bug on the host system, triggered through the special SCSI_IOCTL_SEND_COMMAND. Triggering this bug requires that the size of the successfully transferred DMA operations be a multiple of 512 equal to the...
Firmware binary emulation and exploitation techniques - vulnerability alert - the black bar safety net
In a previous article, we introduced a method for analyzing firmware and extracting its file system. In this article we go further and describe how to analyze firmware binaries in depth and then exploit their common security vulnerabilities. This paper covers the following, as shown in...
Qemu: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines
An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance...
A vulnerability in the QEMU hardware emulation software allows an attacker to cause a denial of service
A vulnerability in the VNC websocket frame decoder of the QEMU hardware emulation software is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause a denial of service, such as increased memory and CPU usage, by sending HTTP header...