Search CVE reports

Toggle filters

61 – 70 of 397 results

CVE-2020-12829

Medium priority

Some fixes available 3 of 5

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-10717

Medium priority
Not affected

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected
qemu-kvm Not in release Not in release
Show less packages

CVE-2020-11869

Medium priority
Fixed

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through...

2 affected packages

qemu-kvm, qemu

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu-kvm Not in release Not in release
qemu Fixed Not affected
Show less packages

CVE-2020-1983

Medium priority

Some fixes available 16 of 18

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

4 affected packages

libslirp, qemu, qemu-kvm, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libslirp Fixed Fixed Fixed Not in release
qemu Not affected Not affected Not affected Fixed
qemu-kvm Not in release Not in release Not in release Not in release
slirp4netns Not affected Not affected Needs evaluation Not in release
Show less packages

CVE-2020-10702

Low priority
Fixed

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Not affected
qemu-kvm Not in release Not in release
Show less packages

CVE-2020-11102

Medium priority
Not affected

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected
qemu-kvm Not in release
Show less packages

CVE-2019-15034

Low priority
Fixed

hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected
qemu-kvm Not in release Not in release
Show less packages

CVE-2019-20382

Low priority
Fixed

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Not affected Not affected Not affected Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-1711

Medium priority

Some fixes available 15 of 16

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
qemu Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-8608

Medium priority

Some fixes available 19 of 34

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

5 affected packages

libslirp, qemu, qemu-kvm, slirp, slirp4netns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libslirp Fixed Fixed Fixed Not in release
qemu Not affected Not affected Not affected Fixed
qemu-kvm Not in release Not in release Not in release Not in release
slirp Vulnerable Vulnerable Vulnerable Fixed
slirp4netns Not affected Not affected Needs evaluation Not in release
Show less packages
  1. Previous page
  2. 5
  3. 6
  4. 7
  5. 8
  6. 9
  7. Next page
Export to JSON