Vulnerabilities > Qemu > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2018-7550 | Out-of-bounds Write vulnerability in multiple products The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | 8.8 |
| 2018-01-09 | CVE-2017-15124 | Allocation of Resources Without Limits or Throttling vulnerability in Qemu VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. | 7.5 |
| 2017-10-16 | CVE-2015-7504 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | 8.8 |
| 2017-09-08 | CVE-2017-14167 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | 7.2 |
| 2017-08-28 | CVE-2017-8380 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 2.9.0 Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2017-08-10 | CVE-2014-0145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). | 7.8 |
| 2017-08-10 | CVE-2014-0143 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes. | 7.0 |
| 2017-05-23 | CVE-2017-8309 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | 7.8 |
| 2017-04-26 | CVE-2017-8284 | Code Injection vulnerability in Qemu The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. | 7.0 |
| 2017-04-11 | CVE-2015-8666 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | 7.9 |