Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2020-07-21 CVE-2020-15859 Use After Free vulnerability in multiple products
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
local
low complexity
qemu debian CWE-416
3.3
3.3
2020-07-02 CVE-2020-15469 NULL Pointer Dereference vulnerability in multiple products
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
local
low complexity
qemu debian CWE-476
2.3
2.3
2020-06-09 CVE-2020-10761 Reachable Assertion vulnerability in multiple products
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1.
network
low complexity
qemu redhat opensuse canonical CWE-617
5.0
5.0
2020-06-04 CVE-2020-10702 Unspecified vulnerability in Qemu
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0.
local
low complexity
qemu
5.5
5.5
2020-06-04 CVE-2020-13800 Uncontrolled Recursion vulnerability in multiple products
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
local
low complexity
qemu canonical opensuse CWE-674
6.0
6.0
2020-06-04 CVE-2020-13791 Out-of-bounds Read vulnerability in Qemu
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
local
low complexity
qemu CWE-125
5.5
5.5
2020-06-04 CVE-2020-13765 Out-of-bounds Write vulnerability in multiple products
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
network
high complexity
qemu canonical debian CWE-787
5.6
5.6
2020-06-02 CVE-2020-13754 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
local
low complexity
qemu canonical debian CWE-119
6.7
6.7
2020-06-02 CVE-2020-13659 NULL Pointer Dereference vulnerability in multiple products
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
local
high complexity
qemu debian opensuse canonical CWE-476
2.5
2.5
2020-05-28 CVE-2020-13362 Out-of-bounds Read vulnerability in multiple products
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
local
low complexity
qemu debian opensuse canonical CWE-125
3.2
3.2