Vulnerabilities > Qemu

DATE CVE VULNERABILITY TITLE RISK
2017-09-01 CVE-2017-13672 Out-of-bounds Read vulnerability in multiple products
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
local
low complexity
qemu debian CWE-125
5.5
2017-08-29 CVE-2017-13673 Reachable Assertion vulnerability in Qemu 2.8.0/2.9.0
The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.
network
low complexity
qemu CWE-617
6.5
2017-08-28 CVE-2017-8380 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 2.9.0
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
qemu CWE-119
critical
9.8
2017-08-23 CVE-2017-12809 NULL Pointer Dereference vulnerability in multiple products
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
local
low complexity
qemu debian CWE-476
6.5
2017-08-10 CVE-2014-0146 NULL Pointer Dereference vulnerability in Qemu
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
local
low complexity
qemu CWE-476
5.5
2017-08-10 CVE-2014-0145 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
local
low complexity
qemu CWE-119
7.8
2017-08-10 CVE-2014-0143 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
local
high complexity
redhat qemu CWE-190
7.0
2017-08-10 CVE-2014-0142 Divide By Zero vulnerability in Qemu
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
local
low complexity
qemu CWE-369
5.5
2017-08-02 CVE-2017-11334 Out-of-bounds Read vulnerability in multiple products
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
local
low complexity
qemu debian CWE-125
4.4
2017-08-02 CVE-2017-10806 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
local
low complexity
qemu debian CWE-787
5.5