CVE-2020-13362
- EPSS 0.1%
- Published 28.05.2020 15:15:11
- Last modified 21.11.2024 05:01:07
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
CVE-2020-13361
- EPSS 0.1%
- Published 28.05.2020 14:15:11
- Last modified 21.11.2024 05:01:06
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2020-13253
- EPSS 0.02%
- Published 27.05.2020 15:15:12
- Last modified 21.11.2024 05:00:53
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
CVE-2020-10717
- EPSS 0.16%
- Published 04.05.2020 21:15:11
- Last modified 21.11.2024 04:55:55
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of QEMU versions >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maxim...
CVE-2020-11869
- EPSS 0.09%
- Published 27.04.2020 19:15:12
- Last modified 21.11.2024 04:58:47
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A mal...
CVE-2020-11102
- EPSS 0.4%
- Published 06.04.2020 16:15:13
- Last modified 21.11.2024 04:56:47
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
CVE-2019-15034
- EPSS 0.18%
- Published 10.03.2020 18:15:11
- Last modified 21.11.2024 04:27:55
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
CVE-2019-20382
- EPSS 0.18%
- Published 05.03.2020 19:15:11
- Last modified 21.11.2024 04:38:20
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
- EPSS 0.65%
- Published 11.02.2020 20:15:11
- Last modified 21.11.2024 05:11:13
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_s...
CVE-2013-4535
- EPSS 0.38%
- Published 11.02.2020 16:15:12
- Last modified 21.11.2024 01:55:46
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.