Vulnerabilities > Qemu > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-27 CVE-2017-5931 Integer Overflow or Wraparound vulnerability in Qemu
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow.
local
low complexity
qemu CWE-190
8.8
2017-03-20 CVE-2017-6058 Classic Buffer Overflow vulnerability in Qemu
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
network
low complexity
qemu CWE-120
7.5
2016-06-16 CVE-2016-2538 Numeric Errors vulnerability in Qemu
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
local
low complexity
qemu CWE-189
7.1
2016-06-14 CVE-2016-5338 The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
local
low complexity
qemu canonical debian
7.8
2016-06-01 CVE-2016-5126 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
local
low complexity
qemu canonical oracle debian redhat CWE-787
7.8
2016-05-23 CVE-2016-4001 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the stellaris_enet_receive function in hw/net/stellaris_enet.c in QEMU, when the Stellaris ethernet controller is configured to accept large packets, allows remote attackers to cause a denial of service (QEMU crash) via a large packet.
network
low complexity
qemu canonical fedoraproject debian CWE-120
8.6
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
7.2
2016-04-12 CVE-2016-2857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
local
low complexity
qemu canonical debian redhat CWE-119
8.4
2016-04-12 CVE-2016-1568 Use After Free vulnerability in multiple products
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
local
low complexity
qemu redhat debian CWE-416
8.8
2016-04-07 CVE-2016-1714 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration.
local
high complexity
redhat oracle qemu CWE-119
8.1