QEMU: Security Vulnerabilities
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
Max Base Score | 2.3 |
Published | 2020-07-02 |
Updated | 2022-09-23 |
EPSS | 0.05% |
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
Max Base Score | 2.5 |
Published | 2020-06-02 |
Updated | 2022-11-16 |
EPSS | 0.05% |
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
Max Base Score | 1.9 |
Published | 2015-08-26 |
Updated | 2016-12-24 |
EPSS | 0.04% |
The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a UDP packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.
Max Base Score | 2.1 |
Published | 2014-11-07 |
Updated | 2023-02-13 |
EPSS | 0.04% |
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
Max Base Score | 2.1 |
Published | 2014-11-01 |
Updated | 2020-08-11 |
EPSS | 0.06% |
Use-after-free vulnerability in the virtio-pci implementation in QEMU 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
Max Base Score | 2.3 |
Published | 2013-10-11 |
Updated | 2014-03-06 |
EPSS | 0.04% |
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and QEMU 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
Max Base Score | 2.7 |
Published | 2014-01-19 |
Updated | 2017-01-07 |
EPSS | 0.06% |
The change_process_uid function in os-posix.c in QEMU 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Max Base Score | 2.1 |
Published | 2012-06-21 |
Updated | 2020-11-02 |
EPSS | 0.06% |
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
Max Base Score | 2.1 |
Published | 2008-08-08 |
Updated | 2020-12-16 |
EPSS | 0.06% |
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
Max Base Score | 2.1 |
Published | 2007-05-02 |
Updated | 2020-12-15 |
EPSS | 0.04% |
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
Max Base Score | 2.1 |
Published | 2007-05-02 |
Updated | 2020-12-15 |
EPSS | 0.04% |
11 vulnerabilities found