Computer vulnerabilities of QEMU

QEMU: NULL pointer dereference via ide_cancel_dma_sync
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via ide_cancel_dma_sync() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25743, VIGILANCE-VUL-33449

QEMU: NULL pointer dereference via pci_change_irq_level
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via pci_change_irq_level() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25742, VIGILANCE-VUL-33448

QEMU: NULL pointer dereference via fdctrl_read_data/fdctrl_write_data
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via fdctrl_read_data/fdctrl_write_data() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25741, VIGILANCE-VUL-33447

QEMU: memory corruption via USB Emulator
An attacker, inside a guest system, can trigger a memory corruption via USB Emulator of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
CERTFR-2020-AVI-525, CERTFR-2020-AVI-526, CTX280451, CVE-2020-14364, DLA-2373-1, DSA-4760-1, FEDORA-2020-3689b67b53, FEDORA-2020-eeb29955ed, openSUSE-SU-2020:1664-1, RHSA-2020:4047-01, RHSA-2020:4048-01, RHSA-2020:4049-01, RHSA-2020:4050-01, RHSA-2020:4051-01, RHSA-2020:4052-01, RHSA-2020:4053-01, RHSA-2020:4054-01, RHSA-2020:4055-01, RHSA-2020:4056-01, RHSA-2020:4058-01, RHSA-2020:4059-01, RHSA-2020:4078-01, RHSA-2020:4079-01, RHSA-2020:4162-01, RHSA-2020:4290-01, RHSA-2020:4291-01, SUSE-SU-2020:14521-1, SUSE-SU-2020:2743-1, SUSE-SU-2020:2786-1, SUSE-SU-2020:2787-1, SUSE-SU-2020:2788-1, SUSE-SU-2020:2789-1, SUSE-SU-2020:2790-1, SUSE-SU-2020:2791-1, SUSE-SU-2020:2822-1, SUSE-SU-2020:2877-1, USN-4511-1, VIGILANCE-VUL-33141, XSA-335

QEMU: integer overflow via oss_write
An attacker, inside a guest system, can trigger an integer overflow via oss_write() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
CVE-2020-14415, USN-4467-1, VIGILANCE-VUL-33120

QEMU: integer overflow via sm501_2d_operation
An attacker, inside a guest system, can trigger an integer overflow via sm501_2d_operation() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
CVE-2020-12829, DSA-4760-1, USN-4467-1, VIGILANCE-VUL-33119

QEMU: assertion error via net_tx_pkt_add_raw_fragment
An attacker, inside a guest system, can force an assertion error via net_tx_pkt_add_raw_fragment() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-16092, DLA-2373-1, DSA-4760-1, openSUSE-SU-2020:1664-1, SUSE-SU-2020:2743-1, SUSE-SU-2020:2877-1, USN-4467-1, VIGILANCE-VUL-33040

QEMU: buffer overflow via xgmac_enet_send
An attacker, inside a guest system, can trigger a buffer overflow via xgmac_enet_send() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
CVE-2020-15863, DLA-2288-1, DSA-4760-1, openSUSE-SU-2020:1664-1, SUSE-SU-2020:2743-1, SUSE-SU-2020:2877-1, USN-4467-1, VIGILANCE-VUL-32898

QEMU: use after free via e1000e
An attacker, inside a guest system, can force the usage of a freed memory area via e1000e of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
CVE-2020-15859, VIGILANCE-VUL-32892

libslirp: out-of-bounds memory reading via icmp6_send_echoreply
An attacker can force a read at an invalid address via icmp6_send_echoreply() of libslirp, in order to trigger a denial of service, or to obtain sensitive information...
CVE-2020-10756, DLA-2288-1, DSA-4728-1, openSUSE-SU-2020:0987-1, openSUSE-SU-2020:0994-1, RHSA-2020:3586-01, RHSA-2020:4059-01, USN-4437-1, USN-4467-1, VIGILANCE-VUL-32868, ZDI-20-1005

Our database contains other pages. You can request a free trial to read them.

Display information about QEMU:

https://wiki.qemu.org/index.php/Main_Page