Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Max CVSS
7.2
EPSS Score
0.07%
Published
2012-11-23
Updated
2023-02-13
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
Max CVSS
4.4
EPSS Score
0.04%
Published
2012-08-07
Updated
2023-02-13
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Max CVSS
2.1
EPSS Score
0.06%
Published
2012-06-21
Updated
2020-11-02
Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."
Max CVSS
7.4
EPSS Score
0.06%
Published
2012-06-21
Updated
2023-02-13
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
Max CVSS
7.4
EPSS Score
0.11%
Published
2012-06-21
Updated
2023-02-13
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
Max CVSS
7.4
EPSS Score
0.06%
Published
2012-06-21
Updated
2023-02-13
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Max CVSS
4.3
EPSS Score
1.19%
Published
2012-06-21
Updated
2020-11-02
7 vulnerabilities found