Search CVE reports
61 – 70 of 464 results
CVE-2021-3608
Low priorityA flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause...
1 affected packages
qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-3607
Low priorityAn integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation....
1 affected packages
qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-3582
Medium priorityA flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to...
1 affected packages
qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-3595
Low prioritySome fixes available 10 of 12
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2021-3594
Low prioritySome fixes available 10 of 12
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2021-3593
Low prioritySome fixes available 10 of 12
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2021-3592
Low prioritySome fixes available 10 of 12
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the...
2 affected packages
libslirp, qemu
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Ignored |
qemu | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2020-27661
Low priorityA divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Not affected | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release | Not in release |
CVE-2019-12067
Low priorityThe ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-3546
Medium priorityAn out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | Fixed | Fixed | Not affected | Not affected |
qemu-kvm | — | Not in release | Not in release | Not in release | Not in release |