Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2017-7377 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
local
low complexity
qemu debian CWE-772
6.0
2017-03-27 CVE-2017-5973 Infinite Loop vulnerability in multiple products
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
local
low complexity
qemu debian redhat CWE-835
5.5
2017-03-27 CVE-2016-9922 Divide By Zero vulnerability in Qemu
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
local
low complexity
qemu CWE-369
5.5
2017-03-20 CVE-2017-5987 Infinite Loop vulnerability in multiple products
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
local
low complexity
qemu debian CWE-835
5.5
2017-03-16 CVE-2017-5857 Memory Leak vulnerability in Qemu
Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand.
local
low complexity
qemu CWE-401
6.5
2017-03-16 CVE-2017-5856 Memory Leak vulnerability in multiple products
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
local
low complexity
qemu debian CWE-401
6.5
2017-03-16 CVE-2017-5667 Out-of-bounds Read vulnerability in multiple products
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
local
low complexity
qemu debian CWE-125
6.5
2017-03-15 CVE-2017-5898 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
local
low complexity
qemu suse CWE-190
5.5
2017-03-15 CVE-2017-5579 Memory Leak vulnerability in multiple products
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
local
low complexity
qemu debian CWE-401
6.5
2017-03-15 CVE-2017-5578 Memory Leak vulnerability in Qemu
Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
local
low complexity
qemu CWE-401
6.5