Qemu@6.0.0 Security Vulnerabilities and Issues — Qemu@6.0.0 CVE List

Lucene search

QemuQemu6.0.0

7 matches found

CVE•added 2021/06/02 2:15 p.m.•327 views

CVE-2021-3544

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.

6.5CVSS6.8AI score0.00032EPSS

CVE•added 2021/05/26 10:15 p.m.•290 views

CVE-2021-3527

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack ...

5.5CVSS6.1AI score0.00021EPSS

CVE•added 2021/06/02 2:15 p.m.•284 views

CVE-2020-35503

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEM...

6CVSS6.2AI score0.00024EPSS

CVE•added 2021/05/06 4:15 p.m.•274 views

CVE-2021-3507

A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QE...

6.1CVSS6.7AI score0.00019EPSS

CVE•added 2021/06/02 2:15 p.m.•250 views

CVE-2021-3546

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the guest. It could allow a privileged guest user to crash the QEMU process ...

8.2CVSS8AI score0.00072EPSS

CVE•added 2021/06/02 2:15 p.m.•207 views

CVE-2021-3545

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious g...

6.5CVSS6.3AI score0.00093EPSS

CVE•added 2021/05/28 11:15 a.m.•197 views

CVE-2020-35505

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of s...

4.4CVSS5.4AI score0.00017EPSS