The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Note: This has been disputed by multiple third parties as not a valid vulnerability due to the rocker device not falling within the virtualization use case.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.21%
Published
2023-08-22
Updated
2024-05-17
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
Source: MITRE
Max CVSS
10.0
EPSS Score
0.47%
Published
2019-06-24
Updated
2024-05-17
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue
Source: MITRE
Max CVSS
10.0
EPSS Score
0.52%
Published
2019-06-24
Updated
2024-05-17
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.07%
Published
2019-05-31
Updated
2019-07-02
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.80%
Published
2018-10-09
Updated
2021-08-04
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.45%
Published
2017-11-17
Updated
2020-09-10
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
Source: Red Hat, Inc.
Max CVSS
9.8
EPSS Score
2.23%
Published
2018-07-27
Updated
2019-10-09
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.64%
Published
2017-08-28
Updated
2017-09-06
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
Source: Red Hat, Inc.
Max CVSS
9.0
EPSS Score
0.06%
Published
2018-07-09
Updated
2023-02-12
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
Source: Red Hat, Inc.
Max CVSS
9.9
EPSS Score
0.15%
Published
2018-07-27
Updated
2021-08-04
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Source: Red Hat, Inc.
Max CVSS
9.1
EPSS Score
0.15%
Published
2018-07-03
Updated
2023-02-12
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
Source: Red Hat, Inc.
Max CVSS
9.9
EPSS Score
0.14%
Published
2018-07-27
Updated
2021-08-04
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
Source: Red Hat, Inc.
Max CVSS
9.0
EPSS Score
0.21%
Published
2018-04-26
Updated
2019-10-09
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.16%
Published
2016-10-05
Updated
2020-11-16
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
Source: Red Hat, Inc.
Max CVSS
9.8
EPSS Score
4.91%
Published
2016-04-26
Updated
2020-12-14
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.94%
Published
2017-03-24
Updated
2017-03-27
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
Source: Red Hat, Inc.
Max CVSS
9.0
EPSS Score
3.22%
Published
2016-01-08
Updated
2023-02-13
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Source: Red Hat, Inc.
Max CVSS
9.3
EPSS Score
2.31%
Published
2013-02-13
Updated
2023-02-13
Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.
Source: Red Hat, Inc.
Max CVSS
9.9
EPSS Score
0.36%
Published
2009-10-23
Updated
2024-02-15
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!