[SECURITY] Fedora 43 Update: edk2-20260213-4.fc43

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. This package contains sample 64-bit UEFI firmware builds for QEMU and KVM...

Moderate: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 9 : qemu-kvm (RHSA-2026:3077)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3077 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...

CVE-2025-14876

CVE-2025-14876 is associated with a flaw in the QEMU virtio-crypto device where the AKCIPHER path lacks a proper length check, allowing a guest to trigger uncontrolled memory allocation and cause a host DoS. This conclusion is supported by Red Hat’s advisory describing a memory-allocation DoS vec...

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

MiracleLinux 4 : xorg-x11-drv-qxl-0.0.14-14.AXS4 (AXSA:2013-88:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-88:01 advisory. xorg-x11-qxl-drv is an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operatin...

EUVD-2025-31848

The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and above to perform SQL injection attacks...

Qemu-kvm: virtio-pci: improper release of configure vector leads to guest triggerable crash

...

SUSE CVE-2021-20295

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 https://access.redhat.com/errata/RHSA-2020:4676 erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in...

UBUNTU-CVE-2021-3929

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

The vulnerability of the UAS emulation device’s hardware emulation by QEMU, related to writing beyond the buffer boundaries, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the UAS emulation device’s hardware emulation software, QEMU, lies in the lack of flow number verification. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and even cause service failures...

Qemu: usb: ehci: memory leakage in ehci_init_transfer

Quick Emulator Qemu built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehciinittransfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...

UBUNTU-CVE-2017-5857

Memory leak in the virglcmdresourceunref function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator allows local guest OS users to cause a denial of service host memory consumption via a large number of VIRTIOGPUCMDRESOURCEUNREF commands sent without detaching the backing storage beforehan...

DEBIAN-CVE-2016-10028

The virglcmdgetcapset function in hw/display/virtio-gpu-3d.c in QEMU aka Quick Emulator built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service out-of-bounds read and process crash via a VIRTIOGPUCMDGETCAPSET command with a maximum capabilities size...

DEBIAN-CVE-2016-8910

The rtl8139cplustransmit function in hw/net/rtl8139.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and CPU consumption by leveraging failure to limit the ring descriptor count...

spice: heap-based memory corruption within smartcard handling

A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code wit...

The vulnerability of the QEMU hardware emulation software allows a hacker to trigger a service failure or cause some other unknown effect.

The vulnerability of the QEMU hardware emulation software is related to incorrect restrictions on commands received from ATAPI devices. Exploiting this vulnerability can allow a malicious actor to cause service failures or potentially have other unspecified effects by using certain IDE commands...

Debian Security Advisory DSA 3471-1 (qemu - security update)

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets. CVE-2015-7504 Qinghao Tan...

DEBIAN-CVE-2015-2152

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...

qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow

Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service guest crash or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."...