qemu

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A generic and open source machine emulator and virtualizer
Version 5.2.0-2 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1308 5.2.0-2 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-35517 AVG-1308 Medium No Privilege escalation
A potential host privilege escalation issue was found in the virtio-fs shared  file system daemon (virtiofsd) of the QEMU. Virtio-fs daemon shares the host...
CVE-2020-35506 AVG-1308 Medium No Arbitrary code execution
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in...
CVE-2020-35505 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the do_busid_cmd() function in...
CVE-2020-35504 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the SCSI emulation support of QEMU. It could occur in the scsi_req_continue() function in hw/scsi/scsi-bus.c...
CVE-2020-35503 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled()...
CVE-2020-29443 AVG-1308 Low No Directory traversal
An out-of-bounds read access issue was found in the ATAPI Emulator of QEMU. It occurs while processing ATAPI read command if logical block address(LBA) is...
CVE-2020-27821 AVG-1308 Medium No Denial of service
A heap buffer overflow was found in the Message Signaled Interrupt (MSI-X) device support of QEMU. The overflow could occur due to an out-of-bounds write of...
CVE-2020-14394 AVG-1308 Low No Denial of service
An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1300 5.1.0-3 5.2.0-1 Medium Fixed FS#68356
AVG-1110 4.2.0-2 5.0.0-1 High Fixed
AVG-938 2.8.0-1 2.8.1-1 High Fixed
AVG-914 3.1.0-2 4.0.0-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-28916 AVG-1300 Medium No Denial of service
An infinite loop issue was found in the e1000e device emulator in QEMU before version 5.2.0. The issue could occur while receiving packets via...
CVE-2020-25723 AVG-1300 Medium No Denial of service
A reachable assertion issue was found in the USB EHCI emulation code of QEMU before version 5.2.0. It could occur while processing USB requests due to...
CVE-2020-25625 AVG-1300 Medium No Denial of service
An infinite loop issue was found in the USB OHCI controller emulator of QEMU before version 5.2.0. It could occur while servicing OHCI isochronous transfer...
CVE-2020-25624 AVG-1300 Medium No Arbitrary code execution
A flaw was found in QEMU before version 5.2.0. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. The issue could occur...
CVE-2020-14364 AVG-1300 Medium No Arbitrary code execution
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets...
CVE-2020-7039 AVG-1110 High No Arbitrary code execution
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while...
CVE-2020-1711 AVG-1110 High No Arbitrary code execution
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking...
CVE-2019-20382 AVG-1110 Low Yes Denial of service
A memory leak has been found in in the way VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It...
CVE-2019-3812 AVG-914 High No Arbitrary code execution
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function....
CVE-2017-7980 AVG-938 High No Arbitrary code execution
Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds r/w access issue. It could occur while copying...

Advisories

Date Advisory Group Severity Description
16 Dec 2020 ASA-202012-26 AVG-1300 Medium multiple issues
07 May 2020 ASA-202005-6 AVG-1110 High multiple issues