CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Qemu : Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-18438 190 Overflow 2018-10-19 2018-12-04
2.1
None Local Low Not required None None Partial
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
2 CVE-2018-15746 358 DoS 2018-08-29 2018-11-02
2.1
None Local Low Not required None None Partial
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
3 CVE-2018-7858 125 DoS 2018-03-12 2018-07-11
2.1
None Local Low Not required None None Partial
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
4 CVE-2018-5683 125 DoS 2018-01-23 2018-09-07
2.1
None Local Low Not required None None Partial
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
5 CVE-2017-18043 190 DoS Overflow 2018-01-31 2018-09-07
2.1
None Local Low Not required None None Partial
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
6 CVE-2017-18030 125 DoS 2018-01-23 2018-09-07
2.1
None Local Low Not required None None Partial
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
7 CVE-2017-17381 369 DoS 2017-12-06 2018-05-31
2.1
None Local Low Not required None None Partial
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
8 CVE-2017-15289 787 DoS 2017-10-16 2018-09-07
2.1
None Local Low Not required None None Partial
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
9 CVE-2017-13672 125 DoS 2017-09-01 2018-07-11
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
10 CVE-2017-12809 476 DoS 2017-08-23 2017-11-03
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
11 CVE-2017-11434 125 DoS 2017-07-25 2018-09-07
2.1
None Local Low Not required None None Partial
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.
12 CVE-2017-11334 125 DoS 2017-08-02 2018-03-15
2.1
None Local Low Not required None None Partial
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
13 CVE-2017-10806 119 DoS Overflow 2017-08-02 2018-09-07
2.1
None Local Low Not required None None Partial
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
14 CVE-2017-9374 119 DoS Overflow 2017-06-16 2018-09-07
2.1
None Local Low Not required None None Partial
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
15 CVE-2017-7718 125 DoS 2017-04-20 2018-09-07
2.1
None Local Low Not required None None Partial
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
16 CVE-2017-7377 399 DoS 2017-04-10 2018-09-07
2.1
None Local Low Not required None None Partial
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
17 CVE-2017-6505 20 DoS 2017-03-15 2018-09-07
2.1
None Local Low Not required None None Partial
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330.
18 CVE-2017-5987 399 DoS 2017-03-20 2018-09-07
2.1
None Local Low Not required None None Partial
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
19 CVE-2017-5973 399 DoS 2017-03-27 2018-09-07
2.1
None Local Low Not required None None Partial
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
20 CVE-2017-5957 119 DoS Overflow 2017-03-14 2017-07-10
2.1
None Local Low Not required None None Partial
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
21 CVE-2017-5898 20 DoS Overflow 2017-03-15 2018-01-04
2.1
None Local Low Not required None None Partial
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
22 CVE-2017-5667 399 DoS Exec Code 2017-03-16 2018-09-07
2.1
None Local Low Not required None None Partial
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
23 CVE-2016-10029 125 DoS 2017-02-27 2017-02-28
2.1
None Local Low Not required None None Partial
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts.
24 CVE-2016-10028 125 DoS 2017-02-27 2017-06-30
2.1
None Local Low Not required None None Partial
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.
25 CVE-2016-9923 416 2016-12-23 2017-06-30
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.
26 CVE-2016-9922 369 DoS 2017-03-27 2018-09-07
2.1
None Local Low Not required None None Partial
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
27 CVE-2016-9921 369 2016-12-23 2018-09-07
2.1
None Local Low Not required None None Partial
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
28 CVE-2016-9912 400 2016-12-23 2017-06-30
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
29 CVE-2016-9911 400 2016-12-23 2018-09-07
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
30 CVE-2016-9908 200 +Info 2016-12-23 2017-06-30
2.1
None Local Low Not required Partial None None
Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
31 CVE-2016-9907 400 2016-12-23 2018-09-07
2.1
None Local Low Not required None None Partial
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
32 CVE-2016-9845 200 +Info 2016-12-29 2017-06-30
2.1
None Local Low Not required Partial None None
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. It could occur while processing 'VIRTIO_GPU_CMD_GET_CAPSET_INFO' command. A guest user/process could use this flaw to leak contents of the host memory bytes.
33 CVE-2016-9776 399 2016-12-29 2018-09-07
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
34 CVE-2016-9106 399 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
35 CVE-2016-9105 399 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
36 CVE-2016-9104 125 DoS Overflow 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
37 CVE-2016-9103 119 Overflow +Info 2016-12-09 2018-12-01
2.1
None Local Low Not required Partial None None
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
38 CVE-2016-9102 399 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
39 CVE-2016-9101 399 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
40 CVE-2016-7995 399 DoS 2016-12-09 2017-01-06
2.1
None Local Low Not required None None Partial
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
41 CVE-2016-7994 399 DoS 2016-12-09 2017-06-30
2.1
None Local Low Not required None None Partial
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.
42 CVE-2016-7908 399 DoS 2016-10-05 2018-12-01
2.1
None Local Low Not required None None Partial
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
43 CVE-2016-7907 20 DoS 2016-10-05 2017-06-30
2.1
None Local Low Not required None None Partial
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
44 CVE-2016-7466 399 DoS 2016-12-09 2018-01-04
2.1
None Local Low Not required None None Partial
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
45 CVE-2016-7423 787 DoS 2016-10-10 2017-06-30
2.1
None Local Low Not required None None Partial
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
46 CVE-2016-7422 476 DoS 2016-12-09 2018-01-04
2.1
None Local Low Not required None None Partial
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
47 CVE-2016-7421 399 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit process IO loop to the ring size.
48 CVE-2016-7170 787 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
49 CVE-2016-7157 20 DoS 2016-12-09 2017-06-30
2.1
None Local Low Not required None None Partial
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.
50 CVE-2016-7156 399 DoS 2016-12-09 2018-12-01
2.1
None Local Low Not required None None Partial
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
Total number of vulnerabilities : 84   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.