U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:qemu:qemu:0.12.0:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 272 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2020-27821

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may abuse this flaw to crash the QEMU process on the host, resulting in a denial of service. This flaw affects QEMU versions prior to 5.2.0.

Published: December 08, 2020; 5:15:18 PM -0500
V3.1: 6.0 MEDIUM
V2.0: 2.1 LOW
CVE-2020-25723

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.

Published: December 01, 2020; 8:15:12 PM -0500
V3.1: 3.2 LOW
V2.0: 2.1 LOW
CVE-2020-24352

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Published: October 16, 2020; 2:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-25743

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

Published: October 06, 2020; 11:15:15 AM -0400
V3.1: 3.2 LOW
V2.0: 2.1 LOW
CVE-2020-25742

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

Published: October 06, 2020; 11:15:15 AM -0400
V3.1: 3.2 LOW
V2.0: 2.1 LOW
CVE-2020-14364

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.

Published: August 31, 2020; 2:15:12 PM -0400
V3.1: 5.0 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-12829

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting in a denial of service.

Published: August 31, 2020; 11:15:10 AM -0400
V3.1: 3.8 LOW
V2.0: 2.1 LOW
CVE-2020-14415

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

Published: August 27, 2020; 12:15:10 PM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-16092

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.

Published: August 11, 2020; 12:15:12 PM -0400
V3.1: 3.8 LOW
V2.0: 2.1 LOW
CVE-2020-15863

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.

Published: July 28, 2020; 12:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-15469

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

Published: July 02, 2020; 4:15:11 PM -0400
V3.1: 2.3 LOW
V2.0: 2.1 LOW
CVE-2020-10761

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.

Published: June 09, 2020; 9:15:10 AM -0400
V3.1: 5.0 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-13791

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.

Published: June 04, 2020; 12:15:12 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

Published: June 02, 2020; 10:15:10 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-13253

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

Published: May 27, 2020; 11:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2013-4535

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.

Published: February 11, 2020; 11:15:12 AM -0500
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

Published: January 31, 2020; 5:15:11 PM -0500
V3.1: 3.5 LOW
V2.0: 2.7 LOW
CVE-2015-5745

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Published: January 23, 2020; 3:15:12 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2015-5278

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

Published: January 23, 2020; 3:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2015-5239

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

Published: January 23, 2020; 3:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM