Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-09 CVE-2016-9101 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
local
low complexity
qemu opensuse debian CWE-772
6.0
2016-11-04 CVE-2016-8910 Infinite Loop vulnerability in multiple products
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
local
low complexity
qemu debian opensuse redhat CWE-835
6.0
2016-11-04 CVE-2016-8909 Infinite Loop vulnerability in multiple products
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
local
low complexity
qemu debian opensuse redhat CWE-835
6.0
2016-11-04 CVE-2016-8669 Divide By Zero vulnerability in multiple products
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
local
low complexity
qemu opensuse redhat debian CWE-369
6.0
2016-11-04 CVE-2016-8668 Classic Buffer Overflow vulnerability in multiple products
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.
local
low complexity
qemu opensuse CWE-120
6.0
2016-11-04 CVE-2016-8667 Divide By Zero vulnerability in multiple products
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
local
low complexity
qemu opensuse debian CWE-369
6.0
2016-11-04 CVE-2016-8578 The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.
local
low complexity
qemu opensuse debian
6.0
2016-11-04 CVE-2016-8577 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
local
low complexity
qemu debian opensuse CWE-772
6.0
2016-11-04 CVE-2016-8576 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
local
low complexity
qemu opensuse redhat debian CWE-770
6.0
2016-10-10 CVE-2016-7423 Unspecified vulnerability in Qemu
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
local
low complexity
qemu
4.4