qemu

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A generic and open source machine emulator and virtualizer
Version 6.1.0-5 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1898 6.1.0-5 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-20255 AVG-1898 Low No Denial of service
A stack overflow via infinite recursion issue was found in the eepro100 i8255x device emulator of QEMU. It could occur while processing controller commands...
CVE-2021-20203 AVG-1898 Low No Denial of service
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU. It may occur if a guest was to supply invalid values for rx/tx queue size or...
CVE-2021-20196 AVG-1898 Low No Denial of service
A NULL pointer dereference issue was found in the Floppy disk emulator of QEMU. It could occur while processing read/write ioport commands, if the selected...
CVE-2021-3750 AVG-1898 Medium No Arbitrary code execution
A DMA reentrancy issue was found in the EHCI controller emulation of QEMU. When EHCI tries to transfer the USB packets, it doesn't check if the buffer...
CVE-2021-3748 AVG-1898 Medium No Arbitrary code execution
OSS-Fuzz found a use-after-free vulnerability in virtio-net. It occurs in the iov_from_buf_full function under these conditions:  1) the (malicious) driver...
CVE-2021-3735 AVG-1898 Low No Denial of service
A deadlock issue was found in the AHCI controller device (ich9-ahci) of QEMU while handling a host-to-device Register FIS (Frame Information Structure)...
CVE-2021-3713 AVG-1898 Medium No Arbitrary code execution
An out-of-bounds write issue was found in the UAS (USB Attached SCSI) device emulation of QEMU. It occurs due to missing sanity checks in the...
CVE-2021-3638 AVG-1898 Low No Denial of service
An out-of-bounds memory access security issue was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling...
CVE-2021-3611 AVG-1898 Low No Denial of service
A KVM guest can crash qemu-kvm (likely with a stack overflow) when the guest has been started with the intel-hda device.
CVE-2021-3507 AVG-1898 Medium No Information disclosure
A heap buffer overflow was found in the floppy disk emulator of QEMU. It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA...
CVE-2020-15859 AVG-1898 Low No Denial of service
A use-after-free issue was found in the INTEL 82574 NIC (e1000e) emulator of the QEMU. It could while sending packets if the guest user set the packet data...
CVE-2020-14394 AVG-1898 Low No Denial of service
An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2322 6.0.0-3 6.1.0-1 Medium Fixed
AVG-1308 5.2.0-4 6.0.0-1 Medium Fixed
AVG-1300 5.1.0-3 5.2.0-1 Medium Fixed FS#68356
AVG-1110 4.2.0-2 5.0.0-1 High Fixed
AVG-938 2.8.0-1 2.8.1-1 High Fixed
AVG-914 3.1.0-2 4.0.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-20263 AVG-1308 Medium No Privilege escalation
A security issue was found in in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Virtio-fs is meant to share a host file system directory with...
CVE-2021-20257 AVG-1308 Low No Denial of service
An infinite loop issue was found in the e1000 NIC emulator of the QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various...
CVE-2021-20221 AVG-1308 Low No Arbitrary code execution
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because...
CVE-2021-20181 AVG-1308 Medium No Privilege escalation
A security issue was found in QEMU 5.2.0. A race condition in the Plan 9 file system component could allow privilege escalation.
CVE-2021-3682 AVG-2322 Medium No Arbitrary code execution
A security issue was found in the USB redirector device emulation of QEMU. It occurs when dropping packets during a bulk transfer from a SPICE client due to...
CVE-2021-3608 AVG-2322 Medium No Arbitrary code execution
A security issue was found in the QEMU implementation of VMWare's paravirtual RDMA device. It could occur while handling a "PVRDMA_REG_DSRHIGH" write from...
CVE-2021-3607 AVG-2322 Low No Denial of service
An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device. It could occur while handling a "PVRDMA_REG_DSRHIGH" write...
CVE-2021-3582 AVG-2322 Low No Denial of service
A security issue was found in the QEMU implementation of VMWare's paravirtual RDMA device. It could occur while handling a "PVRDMA_CMD_CREATE_MR" command...
CVE-2021-3546 AVG-2322 Low No Arbitrary code execution
An out-of-bounds write vulnerability was found in the virtio vhost- user GPU device (vhost-user-gpu) of QEMU. The flaw exists in virgl_cmd_get_capset() in...
CVE-2021-3545 AVG-2322 Low No Information disclosure
An information disclosure vulnerability was found in the virtio vhost- user GPU device (vhost-user-gpu) of QEMU. The flaw exists in...
CVE-2021-3544 AVG-2322 Low No Denial of service
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU. They exist in contrib/vhost-user-gpu/vhost- user-gpu.c and...
CVE-2021-3527 AVG-2322 Low No Denial of service
A security issue was found in the USB redirection support (usb-redir) of QEMU. More specifically, usb-host and usb-redirect try to batch bulk transfers by...
CVE-2021-3416 AVG-1308 Low No Denial of service
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant...
CVE-2021-3409 AVG-1308 Medium No Arbitrary code execution
Upstream commit dfba99f17feb6d4a129da19d38df1bcd8579d1c3 was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the...
CVE-2021-3392 AVG-1308 Medium No Arbitrary code execution
A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error...
CVE-2020-35517 AVG-1308 Medium No Privilege escalation
A potential host privilege escalation issue was found in the virtio-fs shared  file system daemon (virtiofsd) of the QEMU. Virtio-fs daemon shares the host...
CVE-2020-35506 AVG-1308 Medium No Arbitrary code execution
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in...
CVE-2020-35505 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the do_busid_cmd() function in...
CVE-2020-35504 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the SCSI emulation support of QEMU. It could occur in the scsi_req_continue() function in hw/scsi/scsi-bus.c...
CVE-2020-35503 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled()...
CVE-2020-29443 AVG-1308 Low No Directory traversal
An out-of-bounds read access issue was found in the ATAPI Emulator of QEMU. It occurs while processing ATAPI read command if logical block address(LBA) is...
CVE-2020-28916 AVG-1300 Medium No Denial of service
An infinite loop issue was found in the e1000e device emulator in QEMU before version 5.2.0. The issue could occur while receiving packets via...
CVE-2020-27821 AVG-1308 Medium No Denial of service
A heap buffer overflow was found in the Message Signaled Interrupt (MSI-X) device support of QEMU. The overflow could occur due to an out-of-bounds write of...
CVE-2020-25723 AVG-1300 Medium No Denial of service
A reachable assertion issue was found in the USB EHCI emulation code of QEMU before version 5.2.0. It could occur while processing USB requests due to...
CVE-2020-25625 AVG-1300 Medium No Denial of service
An infinite loop issue was found in the USB OHCI controller emulator of QEMU before version 5.2.0. It could occur while servicing OHCI isochronous transfer...
CVE-2020-25624 AVG-1300 Medium No Arbitrary code execution
A flaw was found in QEMU before version 5.2.0. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. The issue could occur...
CVE-2020-15469 AVG-1308 Low No Denial of service
In QEMU 5.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-14364 AVG-1300 Medium No Arbitrary code execution
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets...
CVE-2020-7039 AVG-1110 High No Arbitrary code execution
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while...
CVE-2020-1711 AVG-1110 High No Arbitrary code execution
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking...
CVE-2019-20382 AVG-1110 Low Yes Denial of service
A memory leak has been found in in the way VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It...
CVE-2019-3812 AVG-914 High No Arbitrary code execution
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function....
CVE-2017-7980 AVG-938 High No Arbitrary code execution
Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds r/w access issue. It could occur while copying...

Advisories

Date Advisory Group Severity Type
16 Dec 2020 ASA-202012-26 AVG-1300 Medium multiple issues
07 May 2020 ASA-202005-6 AVG-1110 High multiple issues