Search CVE reports
An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Not affected |
| qemu-kvm | — | — | — | Not in release |
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged...
6 affected packages
kvm, qemu, qemu-kvm, xen-3.1, xen-3.2, xen-3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kvm | — | — | — | — |
| qemu | — | — | — | — |
| qemu-kvm | — | — | — | — |
| xen-3.1 | — | — | — | — |
| xen-3.2 | — | — | — | — |
| xen-3.3 | — | — | — | — |
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | Fixed | Fixed |
| qemu-kvm | — | — | Not in release | Not in release |
Some fixes available: 17 of 155
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
20 affected packages
vde2, android, libslirp, virtualbox, basilisk2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| android | Not in release | Not in release | Not in release | Not in release |
| libslirp | Not affected | Not affected | Not affected | Not in release |
| virtualbox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ns3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qemu | Fixed | Fixed | Fixed | Fixed |
| qemu-kvm | Not in release | Not in release | Not in release | Not in release |
| qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release |
| qemu-linaro | Not in release | Not in release | Not in release | Not in release |
| slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| virtualbox-hwe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xen | Not affected | Not affected | Not affected | Not affected |
| redboot-imx | Not in release | Not in release | Not in release | Needs evaluation |
| slirp4netns | Not affected | Not affected | Not affected | Not in release |
| virtualbox-lts-vivid | Not in release | Not in release | Not in release | Not in release |
| virtualbox-lts-wily | Not in release | Not in release | Not in release | Not in release |
| virtualbox-lts-xenial | Not in release | Not in release | Not in release | Not in release |
Some fixes available: 17 of 105
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
13 affected packages
fs-uae, libslirp, qemu, basilisk2, bochs...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libslirp | Not affected | Not affected | Not affected | Not in release |
| qemu | Fixed | Fixed | Fixed | Fixed |
| basilisk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| bochs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| slirp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vde2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xen | Not affected | Not affected | Not affected | Not affected |
| android | Not in release | Not in release | Not in release | Not in release |
| qemu-kvm | Not in release | Not in release | Not in release | Not in release |
| qemu-kvm-spice | Not in release | Not in release | Not in release | Not in release |
| qemu-linaro | Not in release | Not in release | Not in release | Not in release |
| slirp4netns | Not affected | Not affected | Not affected | Not in release |
Some fixes available: 5 of 6
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Fixed |
| qemu-kvm | — | — | — | Not in release |
The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Ignored |
| qemu-kvm | — | — | — | Not in release |
The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP...
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Ignored |
| qemu-kvm | — | — | — | Not in release |
Some fixes available: 8 of 9
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | Fixed | Fixed |
| qemu-kvm | — | — | Not in release | Not in release |
QEMU 3.0.0 has an integer overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable.
2 affected packages
qemu, qemu-kvm
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qemu | — | — | — | Ignored |
| qemu-kvm | — | — | — | Not in release |