Search CVE reports


Toggle filters

71 – 80 of 466 results


CVE-2019-12067

Low priority
Vulnerable

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-3546

Medium priority
Fixed

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw occurs while processing the 'VIRTIO_GPU_CMD_GET_CAPSET' command from the...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-3545

Low priority
Fixed

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-3544

Low priority
Fixed

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35503

Low priority
Vulnerable

A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35506

Low priority
Fixed

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35505

Low priority

Some fixes available 11 of 13

A NULL pointer dereference flaw was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0. This issue occurs while handling the 'Information Transfer' command. This flaw allows a privileged guest...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-35504

Low priority

Some fixes available 11 of 13

A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service....

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-3527

Low priority

Some fixes available 11 of 13

A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-20196

Low priority

Some fixes available 9 of 25

A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a...

3 affected packages

qemu, qemu-kvm, xen

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Vulnerable
qemu-kvm Not in release Not in release Not in release Not in release Not in release
xen Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages