CVE search results

161 – 170 of 464 results

Detailed view

Sort by:

CVE-2018-20125

Low priority

Fixed

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Not affected	Not affected
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2018-20124

Medium priority

Fixed

hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Not affected	Not affected
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2018-20123

Low priority

Fixed

pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Not affected	Not affected
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2018-19489

Low priority

Fixed

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Not affected	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release	Not in release

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Fixed	Not affected
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2018-16867

Medium priority

Fixed

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in...

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Not affected	Not affected
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2018-19665

Low priority

Ignored

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Not affected	Ignored	Ignored
qemu-kvm	—	—	Not in release	Not in release	Not in release

CVE-2018-19364

Low priority

Fixed

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Fixed	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release	Not in release

CVE-2018-18954

Low priority

Fixed

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	—	Fixed	Not affected
qemu-kvm	—	—	—	Not in release	Not in release

CVE-2018-18849

Low priority

Fixed

In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

2 affected packages

qemu, qemu-kvm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
qemu	—	—	Fixed	Fixed	Fixed
qemu-kvm	—	—	Not in release	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports

CVE-2018-20125

CVE-2018-20124

CVE-2018-20123

CVE-2018-19489

CVE-2018-16872

CVE-2018-16867

CVE-2018-19665

CVE-2018-19364

CVE-2018-18954

CVE-2018-18849