- EPSS 0.46%
- Veröffentlicht 16.10.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
CVE-2017-15268
- EPSS 4.27%
- Veröffentlicht 12.10.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-15038
- EPSS 0.28%
- Veröffentlicht 10.10.2017 01:30:22
- Zuletzt bearbeitet 13.05.2026 00:24:29
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
CVE-2017-14167
- EPSS 0.6%
- Veröffentlicht 08.09.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
CVE-2017-13672
- EPSS 0.95%
- Veröffentlicht 01.09.2017 13:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
CVE-2017-13711
- EPSS 3.84%
- Veröffentlicht 01.09.2017 13:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
CVE-2017-13673
- EPSS 2.96%
- Veröffentlicht 29.08.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
CVE-2017-8380
- EPSS 3.91%
- Veröffentlicht 28.08.2017 15:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2017-12809
- EPSS 0.39%
- Veröffentlicht 23.08.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
CVE-2014-0142
- EPSS 0.38%
- Veröffentlicht 10.08.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function ...