Search CVE reports


Toggle filters

91 – 100 of 466 results


CVE-2020-35517

Medium priority
Fixed

A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-29443

Low priority

Some fixes available 12 of 13

ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-11947

Medium priority

Some fixes available 3 of 4

iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2019-20808

Low priority
Ignored

In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-27821

Medium priority
Fixed

A flaw was found in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A guest user may...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Not affected Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-28916

Medium priority
Fixed

hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Not affected
qemu-kvm Not in release Not in release Not in release
Show less packages

CVE-2020-29130

Low priority
Fixed

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

3 affected packages

libslirp, qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Not affected Fixed Not in release Not in release
qemu Not affected Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-29129

Low priority
Fixed

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

3 affected packages

libslirp, qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libslirp Not affected Not affected Fixed Not in release Not in release
qemu Not affected Not affected Not affected Not affected Not affected
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-25723

Medium priority

Some fixes available 12 of 13

A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse...

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-27617

Low priority

Some fixes available 12 of 13

eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.

2 affected packages

qemu, qemu-kvm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qemu Fixed Fixed Fixed Fixed Fixed
qemu-kvm Not in release Not in release Not in release Not in release Not in release
Show less packages