Search CVE reports

Toggle filters

41 – 50 of 397 results

CVE-2020-24352

Low priority
Vulnerable

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Vulnerable Vulnerable Vulnerable Not affected
Show less packages

CVE-2020-1983

Medium priority

Some fixes available 15 of 17

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

4 affected packages

qemu, qemu-kvm, libslirp, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected Not affected Fixed
qemu-kvm Not in release Not in release Not in release Not in release
libslirp Fixed Fixed Fixed Not in release
slirp4netns Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2020-17380

Medium priority

Some fixes available 13 of 14

A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-1711

Medium priority

Some fixes available 14 of 15

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-16092

Low priority
Fixed

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed
qemu-kvm Not in release Not in release
Show less packages

CVE-2020-15863

Low priority

Some fixes available 3 of 4

hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Not affected Not affected Fixed Fixed
Show less packages

CVE-2020-15859

Medium priority

Some fixes available 4 of 5

QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-15469

Low priority

Some fixes available 12 of 15

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-14415

Low priority

Some fixes available 1 of 2

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Not affected
qemu-kvm Not in release Not in release
Show less packages

CVE-2020-14394

Low priority

Some fixes available 2 of 9

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host,...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release Not in release Not in release
qemu Not affected Fixed Fixed Vulnerable
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON