qemu

Description: A generic and open source machine emulator and virtualizer
Version: 5.2.0-4 [extra]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1308 | 5.2.0-4 | | Medium | Vulnerable | |

Issue Group Severity Remote Type Description
CVE-2021-20263 AVG-1308 Medium No Privilege escalation
A security issue was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Virtio-fs is meant to share a host file system directory with...
CVE-2021-20257 AVG-1308 Low No Denial of service
An infinite loop issue was found in the e1000 NIC emulator of QEMU. It occurs while processing transmit (tx) descriptors in process_tx_desc, if various...
CVE-2021-20255 AVG-1308 Low No Denial of service
A stack overflow via infinite recursion issue was found in the eepro100 i8255x device emulator of QEMU. It could occur while processing controller commands...
CVE-2021-20221 AVG-1308 Low No Arbitrary code execution
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU on aarch64 platform. The issue occurs because...
CVE-2021-20203 AVG-1308 Low No Denial of service
An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU. It may occur if a guest was to supply invalid values for rx/tx queue size or...
CVE-2021-20196 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the Floppy disk emulator of QEMU. It could occur while processing read/write ioport commands, if the selected...
CVE-2021-20181 AVG-1308 Medium No Privilege escalation
A security issue was found in QEMU 5.2.0. A race condition in the Plan 9 file system component could allow privilege escalation.
CVE-2021-3416 AVG-1308 Low No Denial of service
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU. The issue occurs in loopback mode of a NIC wherein reentrant...
CVE-2021-3409 AVG-1308 Medium No Arbitrary code execution
Upstream commit dfba99f17feb6d4a129da19d38df1bcd8579d1c3 was supposed to fix CVE-2020-17380 and CVE-2020-25085, both involving a heap buffer overflow in the...
CVE-2021-3392 AVG-1308 Medium No Arbitrary code execution
A use-after-free issue was found in the Megaraid emulator of QEMU. It occurs while processing SCSI I/O requests because in case of an error...
CVE-2020-35517 AVG-1308 Medium No Privilege escalation
A potential host privilege escalation issue was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Virtio-fs daemon shares the host...
CVE-2020-35506 AVG-1308 Medium No Arbitrary code execution
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the esp_do_dma() function in...
CVE-2020-35505 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the am53c974 SCSI host bus adapter emulation of QEMU. It could occur in the do_busid_cmd() function in...
CVE-2020-35504 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the SCSI emulation support of QEMU. It could occur in the scsi_req_continue() function in hw/scsi/scsi-bus.c...
CVE-2020-35503 AVG-1308 Low No Denial of service
A NULL pointer dereference issue was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU. It could occur in the megasas_command_cancelled()...
CVE-2020-29443 AVG-1308 Low No Directory traversal
An out-of-bounds read access issue was found in the ATAPI Emulator of QEMU. It occurs while processing ATAPI read command if logical block address (LBA) is...
CVE-2020-27821 AVG-1308 Medium No Denial of service
A heap buffer overflow was found in the Message Signaled Interrupt (MSI-X) device support of QEMU. The overflow could occur due to an out-of-bounds write of...
CVE-2020-15469 AVG-1308 Low No Denial of service
In QEMU 5.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVE-2020-14394 AVG-1308 Low No Denial of service
An infinite loop issue was found in the USB xHCI controller emulation of QEMU. Specifically, function xhci_ring_chain_length() in hw/usb/hcd-xhci.c may get...

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1300 | 5.1.0-3 | 5.2.0-1 | Medium | Fixed | FS#68356 |
| AVG-1110 | 4.2.0-2 | 5.0.0-1 | High | Fixed | |
| AVG-938 | 2.8.0-1 | 2.8.1-1 | High | Fixed | |
| AVG-914 | 3.1.0-2 | 4.0.0-1 | High | Fixed | |

Issue Group Severity Remote Type Description
CVE-2020-28916 AVG-1300 Medium No Denial of service
An infinite loop issue was found in the e1000e device emulator in QEMU before version 5.2.0. The issue could occur while receiving packets via...
CVE-2020-25723 AVG-1300 Medium No Denial of service
A reachable assertion issue was found in the USB EHCI emulation code of QEMU before version 5.2.0. It could occur while processing USB requests due to...
CVE-2020-25625 AVG-1300 Medium No Denial of service
An infinite loop issue was found in the USB OHCI controller emulator of QEMU before version 5.2.0. It could occur while servicing OHCI isochronous transfer...
CVE-2020-25624 AVG-1300 Medium No Arbitrary code execution
A flaw was found in QEMU before version 5.2.0. An out-of-bounds read/write access issue was found in the USB OHCI controller emulator. The issue could occur...
CVE-2020-14364 AVG-1300 Medium No Arbitrary code execution
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets...
CVE-2020-7039 AVG-1110 High No Arbitrary code execution
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the tcp_emu() routine while...
CVE-2020-1711 AVG-1110 High No Arbitrary code execution
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking...
CVE-2019-20382 AVG-1110 Low Yes Denial of service
A memory leak has been found in the way the VNC display driver of QEMU <= 4.2.0 handled connection disconnect, when ZRLE, Tight encoding is enabled. It...
CVE-2019-3812 AVG-914 High No Arbitrary code execution
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function....
CVE-2017-7980 AVG-938 High No Arbitrary code execution
Quick Emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds r/w access issue. It could occur while copying...

Advisories

Date Advisory Group Severity Type
16 Dec 2020 ASA-202012-26 AVG-1300 Medium multiple issues
07 May 2020 ASA-202005-6 AVG-1110 High multiple issues