Search CVE reports
61 – 70 of 396 results
CVE-2020-10717
Medium priorityA potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Not affected | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release | Not in release |
CVE-2020-11869
Medium priorityAn integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Fixed | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release | Not in release |
CVE-2020-1983
Medium prioritySome fixes available 14 of 16
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
4 affected packages
libslirp, qemu, qemu-kvm, slirp4netns
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp4netns | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2020-10702
Low priorityA flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Fixed | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release | Not in release |
CVE-2020-11102
Medium priorityhw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | — | Not affected | Not affected |
qemu-kvm | — | — | — | Not in release | Not in release |
CVE-2019-15034
Low priorityhw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | — | — | Not affected | Not affected | Not affected |
qemu-kvm | — | — | Not in release | Not in release | Not in release |
CVE-2019-20382
Low priorityQEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-1711
Medium prioritySome fixes available 13 of 14
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in...
2 affected packages
qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qemu | Fixed | Fixed | Fixed | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-8608
Medium prioritySome fixes available 17 of 30
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
5 affected packages
libslirp, qemu, qemu-kvm, slirp, slirp4netns
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | Fixed | Fixed | Fixed | Not in release | Not in release |
qemu | Not affected | Not affected | Not affected | Fixed | Fixed |
qemu-kvm | Not in release | Not in release | Not in release | Not in release | Not in release |
slirp | Vulnerable | Vulnerable | Vulnerable | Fixed | Fixed |
slirp4netns | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2020-7211
Medium prioritytftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
3 affected packages
libslirp, qemu, qemu-kvm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libslirp | — | — | — | Not in release | Not in release |
qemu | — | — | — | Not affected | Not affected |
qemu-kvm | — | — | — | Not in release | Not in release |