Qemu : Security Vulnerabilities (CVSS score between 3 and 3.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|
| 1 | CVE-2021-3507 | 787 | | Overflow +Info | 2021-05-06 | 2023-02-02 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
| 2 | CVE-2020-29443 | 125 | | | 2021-01-26 | 2022-09-30 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial |
| 3 | CVE-2020-13361 | 787 | | | 2020-05-28 | 2022-11-29 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
| 4 | CVE-2018-16872 | 367 | | | 2018-12-13 | 2020-12-04 | 3.5 | None | Remote | Medium | ??? | Partial | None | None |
| 5 | CVE-2016-4454 | 119 | | DoS Overflow +Info | 2016-06-01 | 2020-05-14 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
| 6 | CVE-2016-2857 | 119 | | DoS Overflow | 2016-04-12 | 2023-02-02 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
| 7 | CVE-2016-2538 | 189 | | DoS Overflow +Info | 2016-06-16 | 2018-12-01 | 3.6 | None | Local | Low | Not required | Partial | None | Partial |
| 8 | CVE-2015-8743 | 125 | | | 2016-12-29 | 2020-10-29 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
| 9 | CVE-2015-8666 | 787 | | Overflow | 2017-04-11 | 2020-10-13 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
| 10 | CVE-2015-8504 | 369 | | DoS | 2017-04-11 | 2020-09-09 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |

Descriptions:

1. CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario, or potentially leak information from host memory.

2. CVE-2020-29443: ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

3. CVE-2020-13361: In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

4. CVE-2018-16872: A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.

5. CVE-2016-4454: The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.

6. CVE-2016-2857: An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking it against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).

7. CVE-2016-2538: Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

8. CVE-2015-8743: QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.

9. CVE-2015-8666: Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

10. CVE-2015-8504: Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
Total number of vulnerabilities : 10