Search CVE reports


Toggle filters

41 – 50 of 466 results


CVE-2022-0216

Low priority

Some fixes available 6 of 7

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-3735

Low priority
Vulnerable

A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2020-14394

Low priority

Some fixes available 2 of 9

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host,...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Fixed Fixed Vulnerable Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2022-35414

Medium priority
Ignored

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-3611

Low priority

Some fixes available 5 of 8

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2021-3750

Medium priority

Some fixes available 4 of 6

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Not affected
Show less packages

CVE-2021-4207

Medium priority

Some fixes available 9 of 11

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2021-4206

Medium priority

Some fixes available 9 of 11

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2021-20295

Negligible priority
Not affected

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2022-1050

Low priority

Some fixes available 3 of 4

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
Show less packages