Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:qemu:qemu:4.2.0:rc1:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-15863 |
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. Published: July 28, 2020; 12:15:12 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-15859 |
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Published: July 21, 2020; 12:15:11 PM -0400 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2020-15469 |
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Published: July 02, 2020; 4:15:11 PM -0400 |
V3.1: 2.3 LOW V2.0: 2.1 LOW |
CVE-2020-10761 |
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Published: June 09, 2020; 9:15:10 AM -0400 |
V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-10702 |
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. Published: June 04, 2020; 2:15:14 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13800 |
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Published: June 04, 2020; 12:15:12 PM -0400 |
V3.1: 6.0 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2020-13791 |
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Published: June 04, 2020; 12:15:12 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13754 |
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Published: June 02, 2020; 10:15:10 AM -0400 |
V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-13659 |
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Published: June 02, 2020; 9:15:11 AM -0400 |
V3.1: 2.5 LOW V2.0: 1.9 LOW |
CVE-2020-13362 |
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Published: May 28, 2020; 11:15:11 AM -0400 |
V3.1: 3.2 LOW V2.0: 2.1 LOW |
CVE-2020-13361 |
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. Published: May 28, 2020; 10:15:11 AM -0400 |
V3.1: 3.9 LOW V2.0: 3.3 LOW |
CVE-2020-13253 |
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. Published: May 27, 2020; 11:15:12 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-11869 |
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. Published: April 27, 2020; 3:15:12 PM -0400 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2020-11102 |
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. Published: April 06, 2020; 12:15:13 PM -0400 |
V3.1: 5.6 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2020-1711 |
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. Published: February 11, 2020; 3:15:11 PM -0500 |
V3.1: 6.0 MEDIUM V2.0: 6.0 MEDIUM |
CVE-2020-7211 |
tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. Published: January 21, 2020; 12:15:12 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-7039 |
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. Published: January 16, 2020; 6:15:12 PM -0500 |
V3.1: 5.6 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2019-20175 |
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert. Published: December 30, 2019; 11:15:10 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-5957 |
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. Published: March 14, 2017; 10:59:00 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |