| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-10-02 | CVE-2020-25741 | NULL Pointer Dereference vulnerability in Qemu 5.0.0 | fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. | local | low | qemu | CWE-476 | 3.2 |
| 2020-09-25 | CVE-2020-25084 | Use After Free vulnerability in multiple products | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. | local | low | qemu, debian | CWE-416 | 3.2 |
| 2020-08-31 | CVE-2020-12829 | Integer Overflow or Wraparound vulnerability in multiple products | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. | local | low | qemu, canonical, debian | CWE-190 | 3.8 |
| 2020-08-27 | CVE-2020-14415 | Divide By Zero vulnerability in multiple products | oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | local | low | qemu, canonical | CWE-369 | 3.3 |
| 2020-08-11 | CVE-2020-16092 | Reachable Assertion vulnerability in multiple products | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. | local | low | qemu, debian, canonical, opensuse | CWE-617 | 3.8 |
| 2020-07-21 | CVE-2020-15859 | Use After Free vulnerability in multiple products | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | local | low | qemu, debian | CWE-416 | 3.3 |
| 2020-07-02 | CVE-2020-15469 | NULL Pointer Dereference vulnerability in multiple products | In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | local | low | qemu, debian | CWE-476 | 2.3 |
| 2020-06-02 | CVE-2020-13659 | NULL Pointer Dereference vulnerability in multiple products | address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. | local | high | qemu, debian, opensuse, canonical | CWE-476 | 2.5 |
| 2020-05-28 | CVE-2020-13362 | Out-of-bounds Read vulnerability in multiple products | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. | local | low | qemu, debian, opensuse, canonical | CWE-125 | 3.2 |
| 2020-05-28 | CVE-2020-13361 | Out-of-bounds Write vulnerability in multiple products | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | local | high | qemu, debian, opensuse, canonical | CWE-787 | 3.9 |