Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:qemu:qemu:4.2.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-16092 |
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. Published: August 11, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 3.8 LOW V2.0: 2.1 LOW |
CVE-2020-15863 |
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. Published: July 28, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-15469 |
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. Published: July 02, 2020; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 2.3 LOW V2.0: 2.1 LOW |
CVE-2020-10761 |
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Published: June 09, 2020; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-10702 |
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. Published: June 04, 2020; 2:15:14 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13791 |
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. Published: June 04, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13754 |
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Published: June 02, 2020; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-13362 |
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Published: May 28, 2020; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 3.2 LOW V2.0: 2.1 LOW |
CVE-2020-13361 |
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. Published: May 28, 2020; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 3.9 LOW V2.0: 3.3 LOW |
CVE-2020-13253 |
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. Published: May 27, 2020; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-5957 |
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. Published: March 14, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |