National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:qemu:qemu:2.1.0:rc2
There are 35 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-8934

hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest.

Published: March 21, 2019; 12:01:14 PM -04:00
V3: 3.3 LOW
V2: 2.1 LOW
CVE-2018-16867

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

Published: December 12, 2018; 08:29:02 AM -05:00
V3: 8.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-18954

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

Published: November 15, 2018; 03:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-10839

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

Published: October 16, 2018; 10:29:01 AM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-17962

Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

Published: October 09, 2018; 06:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-15118

A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

Published: July 27, 2018; 05:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

Published: July 27, 2018; 05:29:00 PM -04:00
V3: 9.9 CRITICAL
V2: 9.0 HIGH
CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.

Published: July 27, 2018; 03:29:00 PM -04:00
V3: 9.9 CRITICAL
V2: 9.0 HIGH
CVE-2017-2630

A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.

Published: July 27, 2018; 02:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-15119

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS.

Published: July 27, 2018; 12:29:00 PM -04:00
V3: 8.6 HIGH
V2: 5.0 MEDIUM
CVE-2017-7539

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.

Published: July 26, 2018; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.

Published: July 02, 2018; 09:29:00 PM -04:00
V3: 9.1 CRITICAL
V2: 9.0 HIGH
CVE-2018-12617

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.

Published: June 21, 2018; 02:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-9602

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Published: April 26, 2018; 03:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-18043

Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).

Published: January 31, 2018; 03:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2014-3471

Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.

Published: January 12, 2018; 12:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-15124

VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.

Published: January 09, 2018; 04:29:00 PM -05:00
V3: 7.5 HIGH
V2: 7.8 HIGH
CVE-2017-15268

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

Published: October 12, 2017; 11:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-15038

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.

Published: October 09, 2017; 09:30:22 PM -04:00
V3: 5.6 MEDIUM
V2: 1.9 LOW
CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

Published: July 25, 2017; 10:29:00 AM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM