Latest qemu qemu Vulnerabilities

QEMU NVMe Out-Of-Bounds Read Information Disclosure Vulnerability
QEMU qemu
Qemu: vnc: null pointer dereference in qemu_clipboard_request()
QEMU qemu
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
QEMU qemu<8.2.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Qemu: improper ide controller reset can lead to mbr overwrite
ubuntu/qemu<1:4.2-3ubuntu6.28
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
ubuntu/qemu<1:7.2+dfsg-5ubuntu2.4
ubuntu/qemu<1:8.0.4+dfsg-1ubuntu3.23.10.2
redhat/qemu-kvm<8.2.0
debian/qemu<=1:3.1+dfsg-8+deb10u8<=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2<=1:7.2+dfsg-7+deb12u5
and 4 more
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU a...
QEMU qemu<=8.0.0
ubuntu/qemu<1:7.2+dfsg-5ubuntu2.4
ubuntu/qemu<1:8.0.4+dfsg-1ubuntu3.23.10.2
debian/qemu
An issue was discovered in the TCG Accelerator in QEMU 4.2.0, which allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).
QEMU qemu=4.2.0
Debian Debian Linux=10.0
ubuntu/qemu<5.0.0
ubuntu/qemu<1:4.2-3ubuntu6.28
debian/qemu<=1:3.1+dfsg-8+deb10u8
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the h...
QEMU qemu<=7.0.0
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Plac...
QEMU qemu<=8.0.4
QEMU qemu>=8.0.0<=8.0.4
ubuntu/qemu<1:8.0.4+dfsg-1ubuntu3.23.10.2
debian/qemu
QEMU NVMe Out-Of-Bounds Read Information Disclosure Vulnerability
QEMU qemu<2023-08-03
Fedoraproject Fedora=38
QEMU qemu>=8.0.0<8.1.0
QEMU qemu=8.1.0-rc0
QEMU qemu=8.1.0-rc1
QEMU qemu=8.1.0-rc2
and 4 more
Qemu: 9pfs: suid/sgid bits not dropped on file write
QEMU qemu
Fedoraproject Fedora=38
Heap buffer overflow in virtio_crypto_sym_op_helper()
QEMU qemu
Fedoraproject Fedora=38
Debian Debian Linux=10.0
ubuntu/qemu<1:4.2-3ubuntu6.28
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
ubuntu/qemu<1:7.2+dfsg-5ubuntu2.4
and 5 more
Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
QEMU qemu
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/qemu-kvm<8.2.0
QEMU qemu<8.2.0
Qemu: 9pfs: improper access control on special files
ubuntu/qemu<1:4.2-3ubuntu6.28
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
ubuntu/qemu<1:7.2+dfsg-5ubuntu2.4
redhat/qemu-kvm<8.1.0
debian/qemu<=1:3.1+dfsg-8+deb10u8<=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2
QEMU qemu<8.1.0
and 1 more
Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
QEMU qemu<=8.0.3
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=38
redhat/qemu<8.1.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
and 2 more
Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
QEMU qemu
Redhat Openstack Platform=13.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 8 more
Triggerable assertion due to race condition in hot-unplug
QEMU qemu<=8.0.3
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/qemu<8.1.0
ubuntu/qemu<1:8.0.3+dfsg-1
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
and 2 more
Dma reentrancy issue (incomplete fix for cve-2021-3750)
QEMU qemu
Redhat Enterprise Linux=9.0
Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
QEMU qemu<=7.2.0
Fedoraproject Fedora=37
ubuntu/qemu<1:4.2-3ubuntu6.28
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
ubuntu/qemu<1:7.2+dfsg-5ubuntu2.4
ubuntu/qemu<1:8.0.4+dfsg-1ubuntu3.23.10.2
and 2 more
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their pr...
QEMU qemu<8.0.0
Microsoft Windows
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=37
Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow
QEMU qemu>=7.2.0<7.2.3
QEMU qemu=8.0.0
QEMU qemu=8.0.0-rc0
QEMU qemu=8.0.0-rc1
QEMU qemu=8.0.0-rc2
QEMU qemu=8.0.0-rc3
and 2 more
Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues ma...
redhat/qemu-kvm<7.2.0
QEMU qemu=7.0.0
Fedoraproject Fedora=37
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potent...
QEMU qemu<=7.1.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Redhat Enterprise Linux=8.0
redhat/qemu-kvm<7.2.0
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending ...
QEMU qemu>=6.1.0<=7.1.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
redhat/qemu<7.2.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.6
ubuntu/qemu<1:7.0+dfsg-7ubuntu2.1
and 1 more
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address i...
QEMU qemu>=4.2.0<=7.1.0
ubuntu/qemu<1:7.0+dfsg-7ubuntu2.1
redhat/qemu<7.2.0
debian/qemu
** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-...
QEMU qemu>=4.1.50<=7.0.0
Debian Debian Linux=10.0
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially l...
QEMU qemu<2.20.1
redhat/qemu<8.0.0
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected r...
QEMU qemu<=6.2.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu8
ubuntu/qemu<1:2.11+dfsg-1ubuntu7.40
ubuntu/qemu<1:4.2-3ubuntu6.23
and 5 more
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memor...
QEMU qemu=6.2.0
Debian Debian Linux=11.0
ubuntu/qemu<1:2.11+dfsg-1ubuntu7.40
ubuntu/qemu<1:4.2-3ubuntu6.23
ubuntu/qemu<1:6.2+dfsg-2ubuntu8
ubuntu/qemu<1:6.0+dfsg-2
and 4 more
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sha...
QEMU qemu<6.2.0-7
Redhat Enterprise Linux=8.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.2
ubuntu/qemu<1:6.0+dfsg-2
redhat/qemu 6.2.0<7
debian/qemu
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based...
QEMU qemu<7.0.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu8
and 8 more
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor ...
QEMU qemu<7.0.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu8
and 8 more
A use after free issue was found in the `hw/scsi/lsi53c895a.c` specifically in `lsi_do_msgout` function. `lsi_do_msgout` function is used to receive message from the OS, and do something based on that...
QEMU qemu<6.0.0
Fedoraproject Fedora=37
ubuntu/qemu<1:2.11+dfsg-1ubuntu7.41
ubuntu/qemu<1:4.2-3ubuntu6.24
ubuntu/qemu<1:7.0+dfsg-7ubuntu2.1
ubuntu/qemu<2.0.0+dfsg-2ubuntu1.47+
and 3 more
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not...
QEMU qemu=6.1.0
QEMU qemu=6.1.0-rc0
QEMU qemu=6.1.0-rc1
QEMU qemu=6.1.0-rc2
QEMU qemu=6.1.0-rc3
QEMU qemu=6.1.0-rc4
and 1 more
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of s...
redhat/qemu-kvm<17:7.0.0-13.el9
QEMU qemu>=6.0.0<7.0.0
Redhat Enterprise Linux=9.0
ubuntu/qemu<1:6.2+dfsg-2ubuntu5
ubuntu/qemu<1:6.0+dfsg-2
debian/qemu
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious use...
QEMU qemu<=6.1.0
QEMU qemu=6.2.0-rc0
QEMU qemu=6.2.0-rc1
QEMU qemu>=6.0.0<=6.1.0
redhat/qemu-kvm<6.2.0
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A...
QEMU qemu<6.2.0
Redhat Codeready Linux Builder=8.0
IBM Cognos Analytics 11.1.x=8.0
Redhat Codeready Linux Builder For Power Little Endian=8.0
Redhat Openstack=10
Redhat Openstack=13
and 15 more
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function n...
QEMU qemu<7.0.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.2
redhat/qemu-kvm<7.0.0
debian/qemu<=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2
A DMA reentrancy issue was found in the EHCI controller emulation of QEMU. From https://gitlab.com/qemu-project/qemu/-/issues/541: """ ...
QEMU qemu<7.0.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
ubuntu/qemu<1:2.11+dfsg-1ubuntu7.41
ubuntu/qemu<1:4.2-3ubuntu6.24
ubuntu/qemu<1:7.0+dfsg-7ubuntu1
and 2 more
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the ...
QEMU qemu>=0.10.0<6.2.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=21.10
and 10 more
A deadlock issue was found in the AHCI controller device (ich9-ahci) of QEMU while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. The bug is triggered on a...
debian/qemu<=1:3.1+dfsg-8+deb10u8<=1:3.1+dfsg-8+deb10u11<=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2<=1:7.2+dfsg-7+deb12u2<=1:8.1.1+ds-2<=1:8.1.2+ds-1
QEMU qemu=6.1.0-rc4
Debian Debian Linux=10.0
Debian Debian Linux=11.0
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead...
QEMU qemu<=6.1.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
ubuntu/qemu<1:6.0+dfsg-2
ubuntu/qemu<1:6.2+dfsg-2ubuntu5
and 2 more
A flaw was found in the USB redirector device (usb-redir) of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. More specifically, the...
QEMU qemu<6.1.0
QEMU qemu=6.1.0-rc1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 11 more
A flaw was found in the ATI VGA emulation of QEMU. An inconsistent check and use of dst_[x|y] and s->regs.dst_[x|y] may lead to out-of-bounds write of vram_ptr. This flaw occurs in the ati_2d_blt()...
QEMU qemu>=4.0.0<=6.1.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
ubuntu/qemu<1:4.2-3ubuntu6.28
debian/qemu
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service...
QEMU qemu<7.0.0
Redhat Enterprise Linux=8.0
ubuntu/qemu<1:7.0+dfsg-7ubuntu1
ubuntu/qemu<1:7.0+dfsg-7ubuntu1
ubuntu/qemu<1:7.0+dfsg-7ubuntu1
ubuntu/qemu<1:6.2+dfsg-2ubuntu6.16
and 1 more
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result i...
QEMU qemu<6.1.0
Debian Debian Linux=10.0
Fedoraproject Fedora=34
ubuntu/qemu<1:4.2-3ubuntu6.17
ubuntu/qemu<1:5.0-5ubuntu9.9
ubuntu/qemu<1:5.2+dfsg-9ubuntu3.1
and 4 more
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due...
QEMU qemu<6.1.0
Debian Debian Linux=10.0
Fedoraproject Fedora=34
ubuntu/qemu<1:4.2-3ubuntu6.17
ubuntu/qemu<1:5.0-5ubuntu9.9
ubuntu/qemu<1:5.2+dfsg-9ubuntu3.1
and 4 more
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
QEMU qemu
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=30
Redhat Openstack Platform=10.0
and 4 more
A flaw was found in QEMU. Because pvrdma improperly uses mremap, a VM escape may be caused.
QEMU qemu<2.17.2
Debian Debian Linux=10.0
ubuntu/qemu<1:4.2-3ubuntu6.17
ubuntu/qemu<1:5.0-5ubuntu9.9
ubuntu/qemu<1:5.2+dfsg-9ubuntu3.1
ubuntu/qemu<1:6.0+dfsg-2
and 3 more
QEMU qemu<1.5.3
© 2024 SecAlerts Pty Ltd.