National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:qemu:qemu:2.1.0:rc1
There are 35 matching records.
Displaying matches 21 through 35.
Vuln ID Summary CVSS Severity
CVE-2017-8284

** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."

Published: April 26, 2017; 10:59:00 AM -04:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2015-8556

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

Published: March 24, 2017; 10:59:00 AM -04:00
V3: 10.0 CRITICAL
V2: 10.0 HIGH
CVE-2015-8817

QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.

Published: December 29, 2016; 05:59:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2016-2841

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.

Published: June 16, 2016; 02:59:07 PM -04:00
V3: 6.0 MEDIUM
V2: 2.1 LOW
CVE-2016-2538

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

Published: June 16, 2016; 02:59:06 PM -04:00
V3: 7.1 HIGH
V2: 3.6 LOW
CVE-2016-1714

The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.

Published: April 07, 2016; 03:59:02 PM -04:00
V3: 8.1 HIGH
V2: 6.9 MEDIUM
CVE-2015-5225

Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.

Published: November 06, 2015; 04:59:05 PM -05:00
V2: 7.2 HIGH
CVE-2015-5279

Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Published: September 28, 2015; 12:59:02 PM -04:00
V2: 7.2 HIGH
CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Published: August 31, 2015; 06:59:07 AM -04:00
V2: 6.9 MEDIUM
CVE-2015-4037

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

Published: August 26, 2015; 03:59:05 PM -04:00
V2: 1.9 LOW
CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Published: August 12, 2015; 10:59:23 AM -04:00
V2: 7.2 HIGH
CVE-2015-3456

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Published: May 13, 2015; 02:59:00 PM -04:00
V2: 7.7 HIGH
CVE-2014-9718

The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.

Published: April 21, 2015; 12:59:00 PM -04:00
V2: 4.9 MEDIUM
CVE-2014-8106

Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.

Published: December 08, 2014; 11:59:01 AM -05:00
V2: 4.6 MEDIUM
CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket.

Published: November 07, 2014; 02:55:02 PM -05:00
V2: 2.1 LOW