Search CVE reports
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Not affected |
qemu-kvm | — | — | — | Not in release |
hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Not affected |
qemu-kvm | — | — | — | Not in release |
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Fixed | Fixed |
qemu-kvm | — | — | Not in release | Not in release |
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release |
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | Not affected | Not affected | Not affected | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Not affected |
qemu-kvm | — | — | — | Not in release |
Some fixes available 16 of 147
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
20 affected packages
slirp, xen, qemu-kvm, qemu, android...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xen | Not affected | Not affected | Not affected | Not affected |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
qemu | Fixed | Fixed | Fixed | Fixed |
android | Not in release | Not in release | Not in release | Not in release |
basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ns3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release |
qemu-linaro | Not in release | Not in release | Not in release | Not in release |
redboot-imx | Not in release | Not in release | Not in release | Needs evaluation |
slirp4netns | Not affected | Not affected | Not affected | Not in release |
vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox-hwe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
virtualbox-lts-vivid | Not in release | Not in release | Not in release | Not in release |
virtualbox-lts-wily | Not in release | Not in release | Not in release | Not in release |
virtualbox-lts-xenial | Not in release | Not in release | Not in release | Not in release |
libslirp | Not affected | Not affected | Not affected | Not in release |
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release |
Some fixes available 16 of 99
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
13 affected packages
slirp, android, basilisk2, bochs, fs-uae...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
android | Not in release | Not in release | Not in release | Not in release |
basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qemu | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release |
qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release |
qemu-linaro | Not in release | Not in release | Not in release | Not in release |
slirp4netns | Not affected | Not affected | Not affected | Not in release |
vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xen | Not affected | Not affected | Not affected | Not affected |
libslirp | Not affected | Not affected | Not affected | Not in release |
Some fixes available 5 of 6
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
qemu | — | — | — | Fixed |
qemu-kvm | — | — | — | Not in release |