CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Qemu : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-7550 125 Exec Code 2018-03-01 2018-09-07
4.6
None Local Low Not required Partial Partial Partial
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
2 CVE-2017-13673 20 DoS 2017-08-29 2018-04-12
4.0
None Remote Low Single system None None Partial
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
3 CVE-2017-9060 399 DoS 2017-06-01 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
4 CVE-2017-8379 399 DoS 2017-05-23 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
5 CVE-2017-8112 400 DoS 2017-05-02 2018-09-07
4.9
None Local Low Not required None None Complete
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
6 CVE-2017-8086 399 DoS 2017-05-02 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
7 CVE-2017-7980 119 DoS Exec Code Overflow 2017-07-25 2018-09-07
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
8 CVE-2017-7493 284 2017-05-17 2018-09-07
4.6
None Local Low Not required Partial Partial Partial
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
9 CVE-2017-5857 399 DoS 2017-03-16 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
10 CVE-2017-5856 399 DoS 2017-03-16 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
11 CVE-2017-5579 399 DoS 2017-03-15 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
12 CVE-2017-5578 399 DoS 2017-03-15 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
13 CVE-2017-5552 399 DoS 2017-03-15 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
14 CVE-2017-5526 399 DoS 2017-03-15 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
15 CVE-2017-5525 399 DoS 2017-03-15 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
16 CVE-2017-2633 125 2018-07-27 2018-09-24
4.0
None Remote Low Single system None None Partial
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process.
17 CVE-2016-10155 399 DoS 2017-03-15 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
18 CVE-2016-9916 400 DoS 2016-12-29 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.
19 CVE-2016-9915 400 DoS 2016-12-29 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
20 CVE-2016-9914 400 DoS 2016-12-29 2018-09-07
4.9
None Local Low Not required None None Complete
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
21 CVE-2016-9913 400 DoS 2016-12-29 2017-06-30
4.9
None Local Low Not required None None Complete
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving the order of resource cleanup.
22 CVE-2016-9846 119 Overflow 2016-12-29 2017-06-30
4.9
None Local Low Not required None None Complete
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
23 CVE-2016-7909 399 DoS 2016-10-05 2018-12-01
4.9
None Local Low Not required None None Complete
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
24 CVE-2016-5403 399 DoS 2016-08-02 2018-01-04
4.9
None Local Low Not required None None Complete
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
25 CVE-2016-5338 20 DoS Exec Code 2016-06-14 2018-12-01
4.6
None Local Low Not required Partial Partial Partial
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
26 CVE-2016-5126 119 DoS Exec Code Overflow 2016-06-01 2017-06-30
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
27 CVE-2016-4964 20 DoS 2016-12-09 2017-06-30
4.9
None Local Low Not required None None Complete
The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.
28 CVE-2016-4453 399 DoS 2016-06-01 2018-12-01
4.6
None Local Low Single system None None Complete
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
29 CVE-2016-4439 119 DoS Exec Code Overflow 2016-05-20 2018-12-01
4.6
None Local Low Not required Partial Partial Partial
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
30 CVE-2016-4037 20 DoS 2016-05-23 2018-12-01
4.9
None Local Low Not required None None Complete
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
31 CVE-2016-4001 20 DoS Overflow 2016-05-23 2018-12-01
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
32 CVE-2015-8568 119 DoS Overflow 2017-04-11 2017-11-03
4.7
None Local Medium Not required None None Complete
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
33 CVE-2015-8558 20 DoS 2016-05-23 2017-11-03
4.9
None Local Low Not required None None Complete
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
34 CVE-2015-7504 119 DoS Exec Code Overflow 2017-10-16 2018-01-04
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
35 CVE-2015-5158 119 DoS Overflow 2016-04-11 2016-04-14
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.
36 CVE-2014-9718 399 DoS 2015-04-21 2016-06-23
4.9
None Local Low Not required None None Complete
The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.
37 CVE-2014-8106 119 Exec Code Overflow 2014-12-08 2017-09-07
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
38 CVE-2014-5388 119 Overflow Mem. Corr. +Info 2014-11-15 2014-11-17
4.6
None Local Low Not required Partial Partial Partial
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact related to a crafted PCI device that triggers memory corruption.
39 CVE-2014-0223 189 DoS Exec Code Overflow 2014-11-04 2017-11-03
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
40 CVE-2014-0150 189 Exec Code Overflow 2014-04-18 2017-12-15
4.9
None Local Network Medium Single system Partial Partial Partial
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
41 CVE-2014-0145 119 DoS Exec Code Overflow 2017-08-10 2017-11-03
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
42 CVE-2014-0143 190 DoS Overflow Mem. Corr. 2017-08-10 2017-11-03
4.4
None Local Medium Not required Partial Partial Partial
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
43 CVE-2013-4544 20 DoS Exec Code 2014-05-08 2014-05-09
4.9
None Local Network Medium Single system Partial Partial Partial
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
44 CVE-2012-2652 2012-08-07 2014-03-05
4.4
None Local Medium Not required Partial Partial Partial
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
45 CVE-2011-3346 119 DoS Overflow 2014-04-01 2014-04-01
4.0
None Local High Not required None None Complete
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
46 CVE-2011-0011 287 Bypass 2012-06-21 2017-08-16
4.3
None Local Network High Not required Partial Partial Partial
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
47 CVE-2008-2004 200 +Info 2008-05-12 2017-09-28
4.9
None Local Low Not required Complete None None
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
48 CVE-2008-0928 264 2008-03-03 2017-09-28
4.7
None Local Medium Not required Complete None None
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
Total number of vulnerabilities : 48   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.