qemu
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A generic and open source machine emulator and virtualizer |
| Version | 5.2.0-2 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1308 | 5.2.0-2 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35517 | AVG-1308 | Medium | No | Privilege escalation | A potential host privilege escalation issue was found in the virtio-fs shared file system daemon (virtiofsd) of the QEMU. Virtio-fs daemon shares the host... |
| CVE-2020-35506 | AVG-1308 | Medium | No | Arbitrary code execution | A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in... |
| CVE-2020-35505 | AVG-1308 | Low | No | Denial of service | A NULL pointer dereference issue was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the do_busid_cmd() function in... |
| CVE-2020-35504 | AVG-1308 | Low | No | Denial of service | A NULL pointer dereference issue was found in the SCSI emulation support of QEMU. It could occur in the scsi_req_continue() function in hw/scsi/scsi-bus.c... |
| CVE-2020-35503 | AVG-1308 | Low | No | Denial of service | A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled()... |
| CVE-2020-29443 | AVG-1308 | Low | No | Directory traversal | An out-of-bounds read access issue was found in the ATAPI Emulator of QEMU. It occurs while processing ATAPI read command if logical block address(LBA) is... |
| CVE-2020-27821 | AVG-1308 | Medium | No | Denial of service | A heap buffer overflow was found in the Message Signaled Interrupt (MSI-X) device support of QEMU. The overflow could occur due to an out-of-bounds write of... |
| CVE-2020-14394 | AVG-1308 | Low | No | Denial of service | An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1300 | 5.1.0-3 | 5.2.0-1 | Medium | Fixed | FS#68356 |
| AVG-1110 | 4.2.0-2 | 5.0.0-1 | High | Fixed | |
| AVG-938 | 2.8.0-1 | 2.8.1-1 | High | Fixed | |
| AVG-914 | 3.1.0-2 | 4.0.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-28916 | AVG-1300 | Medium | No | Denial of service | An infinite loop issue was found in the e1000e device emulator in QEMU before version 5.2.0. The issue could occur while receiving packets via... |
| CVE-2020-25723 | AVG-1300 | Medium | No | Denial of service | A reachable assertion issue was found in the USB EHCI emulation code of QEMU before version 5.2.0. It could occur while processing USB requests due to... |
| CVE-2020-25625 | AVG-1300 | Medium | No | Denial of service | An infinite loop issue was found in the USB OHCI controller emulator of QEMU before version 5.2.0. It could occur while servicing OHCI isochronous transfer... |
| CVE-2020-25624 | AVG-1300 | Medium | No | Arbitrary code execution | A flaw was found in QEMU before version 5.2.0. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. The issue could occur... |
| CVE-2020-14364 | AVG-1300 | Medium | No | Arbitrary code execution | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets... |
| CVE-2020-7039 | AVG-1110 | High | No | Arbitrary code execution | A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while... |
| CVE-2020-1711 | AVG-1110 | High | No | Arbitrary code execution | An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking... |
| CVE-2019-20382 | AVG-1110 | Low | Yes | Denial of service | A memory leak has been found in in the way VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It... |
| CVE-2019-3812 | AVG-914 | High | No | Arbitrary code execution | QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function.... |
| CVE-2017-7980 | AVG-938 | High | No | Arbitrary code execution | Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds r/w access issue. It could occur while copying... |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 16 Dec 2020 | ASA-202012-26 | AVG-1300 | Medium | multiple issues |
| 07 May 2020 | ASA-202005-6 | AVG-1110 | High | multiple issues |