Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-29 CVE-2022-0358 Improper Check for Dropped Privileges vulnerability in multiple products
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation.
local
low complexity
qemu redhat CWE-273
7.8
2022-08-25 CVE-2021-3929 Use After Free vulnerability in multiple products
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU.
local
low complexity
qemu fedoraproject CWE-416
8.2
2022-07-11 CVE-2022-35414 Use of Uninitialized Resource vulnerability in multiple products
softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.
local
low complexity
qemu debian CWE-908
8.8
2022-05-02 CVE-2021-3750 Use After Free vulnerability in multiple products
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU.
local
low complexity
qemu redhat CWE-416
8.2
2022-04-29 CVE-2021-4206 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu redhat debian CWE-131
8.2
2022-04-29 CVE-2021-4207 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu redhat debian CWE-120
8.2
2022-03-29 CVE-2022-1050 Use After Free vulnerability in Qemu
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu CWE-416
8.8
2022-03-23 CVE-2021-3748 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the virtio-net device of QEMU.
7.5
2022-03-16 CVE-2022-26353 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in the virtio-net device of QEMU.
network
low complexity
qemu debian CWE-772
7.5
2021-08-25 CVE-2021-3713 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0.
low complexity
qemu debian CWE-787
7.4