Vulnerabilities > Qemu > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-4439 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors.
local
low complexity
canonical qemu debian CWE-119
6.7
2016-05-11 CVE-2016-3712 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
5.5
2016-04-12 CVE-2015-5158 Out-of-bounds Write vulnerability in Qemu
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.
local
low complexity
qemu CWE-787
5.5
2016-04-07 CVE-2016-2858 Insufficient Entropy vulnerability in multiple products
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
local
low complexity
qemu canonical debian CWE-331
6.5