Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:qemu:qemu:6.1.0:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-4158 |
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Published: August 24, 2022; 12:15:09 PM -0400 |
V3.1: 6.0 MEDIUM V2.0:(not available) |
CVE-2022-35414 |
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use case are not considered security bugs at this time. Published: July 10, 2022; 10:15:07 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2021-3611 |
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. Published: May 11, 2022; 12:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-3750 |
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. Published: May 02, 2022; 3:15:08 PM -0400 |
V3.1: 8.2 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-4207 |
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Published: April 29, 2022; 1:15:20 PM -0400 |
V3.1: 8.2 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-4206 |
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Published: April 29, 2022; 1:15:20 PM -0400 |
V3.1: 8.2 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-3748 |
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process. Published: March 23, 2022; 4:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0: 6.9 MEDIUM |
CVE-2022-26354 |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. Published: March 16, 2022; 11:15:16 AM -0400 |
V3.1: 3.2 LOW V2.0: 2.1 LOW |
CVE-2021-20257 |
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Published: March 16, 2022; 11:15:09 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-3638 |
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. Published: March 03, 2022; 6:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-3947 |
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. Published: February 18, 2022; 1:15:09 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-3930 |
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Published: February 18, 2022; 1:15:09 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-4145 |
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. Published: January 25, 2022; 3:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2021-3713 |
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host. Published: August 25, 2021; 3:15:15 PM -0400 |
V3.1: 7.4 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-20255 |
A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 3:15:13 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-5957 |
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument. Published: March 14, 2017; 10:59:00 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |