Search CVE reports
21 – 30 of 397 results
Some fixes available 12 of 14
A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
Some fixes available 12 of 14
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service....
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
Some fixes available 13 of 14
ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libslirp | — | Not affected | Fixed | Not in release |
qemu | — | Not affected | Not affected | Not affected |
qemu-kvm | — | Not in release | Not in release | Not in release |
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libslirp | Not affected | Not affected | Fixed | Not in release |
qemu | Not affected | Not affected | Not affected | Not affected |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Fixed | Fixed |
qemu-kvm | — | — | Not in release | Not in release |
A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Fixed | Not affected |
qemu-kvm | — | — | Not in release | Not in release |
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release |
Some fixes available 13 of 14
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
2 affected packages
qemu-kvm, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
qemu | Fixed | Fixed | Fixed | Fixed |