Search CVE reports

Toggle filters

41 – 50 of 397 results

CVE-2020-24352

Low priority
Vulnerable

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Vulnerable Vulnerable Vulnerable Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-1983

Medium priority

Some fixes available 15 of 17

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

4 affected packages

libslirp, qemu, qemu-kvm, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libslirp Fixed Fixed Fixed Not in release
qemu Not affected Not affected Not affected Fixed
qemu-kvm Not in release Not in release Not in release Not in release
slirp4netns Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2020-17380

Medium priority

Some fixes available 13 of 14

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-1711

Medium priority

Some fixes available 14 of 15

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-16092

Low priority
Fixed

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed
qemu-kvm Not in release Not in release
Show less packages

CVE-2020-15863

Low priority

Some fixes available 3 of 4

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-15859

Medium priority

Some fixes available 4 of 5

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Not affected Not affected Fixed Fixed
Show less packages

CVE-2020-15469

Low priority

Some fixes available 12 of 15

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-14415

Low priority

Some fixes available 1 of 2

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Not affected
qemu-kvm Not in release Not in release
Show less packages

CVE-2020-14394

Low priority

Some fixes available 2 of 9

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host,...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Not affected Fixed Fixed Vulnerable
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON