EUVD-2020-3177

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-3611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack overflow vulnerability was found in the Intel HD Audio device intel-hda of QEMU. A malicious guest could use this flaw to crash the QEMU process on the...

AZL-35167 CVE-2023-2861 affecting package qemu for versions less than 8.2.0-1

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

SUSE CVE-2014-0147

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling updaterefcount routine...

AZL-35164 CVE-2022-4144 affecting package qemu for versions less than 6.2.0-18

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxlphys2virt function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...

AZL-10110 CVE-2022-35414 affecting package qemu for versions less than 6.2.0-7

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translatefail path, leading to an ioreadx or iowritex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...

Design/Logic Flaw

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

AZL-9095 CVE-2022-26354 affecting package qemu for versions less than 6.2.0-2

A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions = 6.2.0...

CVE-2020-35503

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasascommandcancelled callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU...

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

...

Amazon Linux 2 : qemu (ALAS-2020-1407)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1407 advisory. tcpemu in tcpsubr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMUIR...

QEMU: qxl: null pointer dereference while releasing spice resources

interfacereleaseresource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference...

PT-2019-13028 · Qemu +2 · Qemu +2

Name of the Vulnerable Software and Affected Versions: QEMU versions 4.0.0 and earlier Description: The QMP migrate command in QEMU is vulnerable to OS command injection, allowing a remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP...

DEBIAN-CVE-2013-4149

Buffer overflow in virtionetload function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table...

qemu: ccid: buffer overflow in handling of VSC_ATR message

Buffer overflow in the ccidcardvscardhandlemessage function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted VSCATR message...

PT-2010-2089 · Qemu +1 · Qemu +1

Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 0.11.1 Description: A buffer overflow issue exists in the usb host handle control function within the USB passthrough handling implementation. This allows guest OS users to potentially cause a denial of service, such as...