Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2022-36648 NULL Pointer Dereference vulnerability in Qemu
The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.
network
low complexity
qemu CWE-476
critical
 10.0
10
2023-08-14 CVE-2023-40360 NULL Pointer Dereference vulnerability in Qemu
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
local
low complexity
qemu CWE-476
5.5
5.5
2023-08-04 CVE-2023-4135 Out-of-bounds Read vulnerability in multiple products
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU.
local
low complexity
qemu fedoraproject CWE-125
6.5
6.5
2023-08-03 CVE-2023-3180 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req.
local
low complexity
qemu fedoraproject debian CWE-787
6.5
6.5
2023-07-24 CVE-2023-1386 Improper Preservation of Permissions vulnerability in multiple products
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU.
local
low complexity
qemu fedoraproject CWE-281
7.8
7.8
2023-07-24 CVE-2023-3019 Use After Free vulnerability in multiple products
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU.
local
low complexity
qemu redhat CWE-416
6.5
6.5
2023-07-11 CVE-2023-3354 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in the QEMU built-in VNC server.
network
low complexity
qemu redhat fedoraproject CWE-476
7.5
7.5
2023-03-29 CVE-2023-0664 Improper Privilege Management vulnerability in multiple products
A flaw was found in the QEMU Guest Agent service for Windows.
local
low complexity
qemu redhat fedoraproject CWE-269
7.8
7.8
2023-03-23 CVE-2023-1544 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu fedoraproject CWE-770
6.3
6.3
2023-03-06 CVE-2023-0330 Out-of-bounds Write vulnerability in multiple products
A vulnerability in the lsi53c895a device affects the latest version of qemu.
local
low complexity
qemu debian CWE-787
6.0
6.0