Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-10 CVE-2016-4964 Unspecified vulnerability in Qemu
The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.
local
low complexity
qemu
6.0
2016-12-09 CVE-2016-9106 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
local
low complexity
qemu opensuse debian CWE-772
6.0
2016-12-09 CVE-2016-9105 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
local
low complexity
qemu opensuse debian CWE-772
6.0
2016-12-09 CVE-2016-9103 Information Exposure vulnerability in multiple products
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
local
low complexity
qemu debian CWE-200
6.0
2016-12-09 CVE-2016-9102 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
local
low complexity
qemu debian CWE-772
6.0
2016-11-04 CVE-2016-8910 Infinite Loop vulnerability in multiple products
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
local
low complexity
qemu debian opensuse redhat CWE-835
6.0
2016-11-04 CVE-2016-8909 Infinite Loop vulnerability in multiple products
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
local
low complexity
qemu debian opensuse redhat CWE-835
6.0
2016-11-04 CVE-2016-8669 Divide By Zero vulnerability in multiple products
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
local
low complexity
qemu opensuse redhat debian CWE-369
6.0
2016-11-04 CVE-2016-8577 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
local
low complexity
qemu debian opensuse CWE-772
6.0
2016-11-04 CVE-2016-8576 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
local
low complexity
qemu opensuse redhat debian CWE-770
6.0