| CVE-2021-20263 |
Medium |
No |
Privilege escalation |
A security issue was found in in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Virtio-fs is meant to share a host file system directory with... |
| CVE-2021-20257 |
Low |
No |
Denial of service |
An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various... |
| CVE-2021-20255 |
Low |
No |
Denial of service |
A stack overflow via infinite recursion issue was found in the eepro100 i8255x device emulator of QEMU. It could occur while processing controller commands... |
| CVE-2021-20221 |
Low |
No |
Arbitrary code execution |
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because... |
| CVE-2021-20203 |
Low |
No |
Denial of service |
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU. It may occur if a guest was to supply invalid values for rx/tx queue size or... |
| CVE-2021-20196 |
Low |
No |
Denial of service |
A NULL pointer dereference issue was found in the Floppy disk emulator of QEMU. It could occur while processing read/write ioport commands, if the selected... |
| CVE-2021-20181 |
Medium |
No |
Privilege escalation |
A security issue was found in QEMU 5.2.0. A race condition in the Plan 9 file system component could allow privilege escalation. |
| CVE-2021-3416 |
Low |
No |
Denial of service |
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant... |
| CVE-2021-3409 |
Medium |
No |
Arbitrary code execution |
Upstream commit dfba99f17feb6d4a129da19d38df1bcd8579d1c3 was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the... |
| CVE-2021-3392 |
Medium |
No |
Arbitrary code execution |
A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error... |
| CVE-2020-35517 |
Medium |
No |
Privilege escalation |
A potential host privilege escalation issue was found in the virtio-fs shared file system daemon (virtiofsd) of the QEMU. Virtio-fs daemon shares the host... |
| CVE-2020-35506 |
Medium |
No |
Arbitrary code execution |
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in... |
| CVE-2020-35505 |
Low |
No |
Denial of service |
A NULL pointer dereference issue was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the do_busid_cmd() function in... |
| CVE-2020-35504 |
Low |
No |
Denial of service |
A NULL pointer dereference issue was found in the SCSI emulation support of QEMU. It could occur in the scsi_req_continue() function in hw/scsi/scsi-bus.c... |
| CVE-2020-35503 |
Low |
No |
Denial of service |
A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled()... |
| CVE-2020-29443 |
Low |
No |
Directory traversal |
An out-of-bounds read access issue was found in the ATAPI Emulator of QEMU. It occurs while processing ATAPI read command if logical block address(LBA) is... |
| CVE-2020-27821 |
Medium |
No |
Denial of service |
A heap buffer overflow was found in the Message Signaled Interrupt (MSI-X) device support of QEMU. The overflow could occur due to an out-of-bounds write of... |
| CVE-2020-15469 |
Low |
No |
Denial of service |
In QEMU 5.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. |
| CVE-2020-14394 |
Low |
No |
Denial of service |
An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get... |