Search CVE reports


Toggle filters

61 – 70 of 466 results


CVE-2021-3713

Low priority

Some fixes available 2 of 3

An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected Not affected
Show less packages

CVE-2021-3682

Medium priority

Some fixes available 7 of 8

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-3608

Low priority
Fixed

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-3607

Low priority
Fixed

An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation....

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-3582

Medium priority
Fixed

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs while handling a "PVRDMA_CMD_CREATE_MR" command due to improper memory remapping (mremap). This flaw allows a malicious guest to...

1 affected package

qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-3595

Low priority
Fixed

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the...

2 affected packages

libslirp, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Fixed Fixed Fixed Not in release Ignored
qemu Not affected Not affected Not affected Fixed Not affected
Show less packages

CVE-2021-3594

Low priority
Fixed

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the...

2 affected packages

libslirp, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Fixed Fixed Fixed Not in release Ignored
qemu Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2021-3593

Low priority

Some fixes available 11 of 13

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the...

2 affected packages

libslirp, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Fixed Fixed Fixed Not in release Ignored
qemu Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2021-3592

Low priority
Fixed

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the...

2 affected packages

libslirp, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Fixed Fixed Fixed Not in release Ignored
qemu Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2020-27661

Low priority
Not affected

A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages