Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-01 CVE-2018-7550 Out-of-bounds Write vulnerability in multiple products
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
local
low complexity
qemu debian canonical redhat CWE-787
8.8
2018-01-09 CVE-2017-15124 Allocation of Resources Without Limits or Throttling vulnerability in Qemu
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client.
network
low complexity
qemu CWE-770
7.5
2017-10-16 CVE-2015-7504 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
local
low complexity
qemu xen debian CWE-787
8.8
2017-09-08 CVE-2017-14167 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
local
low complexity
qemu debian CWE-190
7.2
2017-08-28 CVE-2017-8380 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu 2.9.0
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
qemu CWE-119
7.5
2017-08-10 CVE-2014-0145 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qemu
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
local
low complexity
qemu CWE-119
7.8
2017-08-10 CVE-2014-0143 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
local
high complexity
redhat qemu CWE-190
7.0
2017-05-23 CVE-2017-8309 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
network
low complexity
qemu debian redhat CWE-772
7.8
2017-04-26 CVE-2017-8284 Code Injection vulnerability in Qemu
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail.
local
high complexity
qemu CWE-94
7.0
2017-04-11 CVE-2015-8666 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
local
low complexity
qemu debian CWE-787
7.9