Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-16 CVE-2016-2392 The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
local
low complexity
qemu canonical
6.5
2016-06-16 CVE-2016-2391 NULL Pointer Dereference vulnerability in multiple products
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
local
low complexity
qemu canonical debian CWE-476
5.0
2016-06-14 CVE-2016-5337 The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
local
low complexity
qemu canonical debian
5.5
2016-06-14 CVE-2016-5238 Out-of-bounds Write vulnerability in multiple products
The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode.
local
low complexity
qemu canonical debian CWE-787
4.4
2016-06-01 CVE-2016-4454 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read.
local
low complexity
qemu canonical debian CWE-119
6.0
2016-06-01 CVE-2016-4453 Infinite Loop vulnerability in multiple products
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command.
local
low complexity
qemu canonical debian CWE-835
4.4
2016-05-25 CVE-2016-4020 The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
local
low complexity
qemu canonical debian redhat
6.5
2016-05-23 CVE-2016-4037 Resource Exhaustion vulnerability in multiple products
The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular split isochronous transfer descriptor (siTD) list, a related issue to CVE-2015-8558.
local
low complexity
fedoraproject canonical qemu debian CWE-400
6.0
2016-05-23 CVE-2015-8558 Infinite Loop vulnerability in multiple products
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.
local
low complexity
qemu debian CWE-835
5.5
2016-05-20 CVE-2016-4441 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command.
local
low complexity
qemu canonical debian CWE-119
6.0