Computer vulnerabilities of QEMU

QEMU: overload via e1000e Null Packet Descriptor
An attacker, inside a guest system, can trigger an overload via e1000e Null Packet Descriptor of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-28916, VIGILANCE-VUL-34010

QEMU: assertion error via usb_packet_map
An attacker, inside a guest system, can force an assertion error via usb_packet_map() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25723, DLA-2469-1, SUSE-SU-2020:14557-1, USN-4650-1, VIGILANCE-VUL-33989

QEMU: out-of-bounds memory reading via SLiRP ARP/NCSI Packets
An attacker, inside a guest system, can force a read at an invalid address via SLiRP ARP/NCSI Packets of QEMU, in order to trigger a denial of service, or to obtain sensitive information on the host system...
CVE-2020-29129, CVE-2020-29130, SUSE-SU-2020:14578-1, SUSE-SU-2020:3880-1, SUSE-SU-2020:3913-1, SUSE-SU-2020:3914-1, SUSE-SU-2020:3945-1, VIGILANCE-VUL-33987

QEMU: out-of-bounds memory reading via ati-vga ati_2d_blt
An attacker, inside a guest system, can force a read at an invalid address via ati-vga ati_2d_blt() of QEMU, in order to trigger a denial of service, or to obtain sensitive information on the host system...
CVE-2020-27616, USN-4650-1, VIGILANCE-VUL-33775

QEMU: assertion error via eth_get_gso_type
An attacker, inside a guest system, can force an assertion error via eth_get_gso_type() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-27617, DLA-2469-1, K41142448, USN-4650-1, VIGILANCE-VUL-33758

QEMU: buffer overflow via ati_2d_blt
An attacker, inside a guest system, can trigger a buffer overflow via ati_2d_blt() of QEMU, in order to trigger a denial of service, and possibly to run code on the host system...
1175370, CVE-2020-24352, openSUSE-SU-2020:1664-1, RHBUG-1847584, SUSE-SU-2020:2877-1, VIGILANCE-VUL-33500

QEMU: NULL pointer dereference via ide_cancel_dma_sync
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via ide_cancel_dma_sync() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25743, VIGILANCE-VUL-33449

QEMU: NULL pointer dereference via pci_change_irq_level
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via pci_change_irq_level() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25742, VIGILANCE-VUL-33448

QEMU: NULL pointer dereference via fdctrl_read_data/fdctrl_write_data
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via fdctrl_read_data/fdctrl_write_data() of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25741, VIGILANCE-VUL-33447

QEMU: overload via hw/usb/hcd-ohci.c
An attacker, inside a guest system, can trigger an overload via hw/usb/hcd-ohci.c of QEMU, in order to trigger a denial of service on the host system...
CVE-2020-25625, DLA-2469-1, USN-4650-1, VIGILANCE-VUL-33356

Our database contains other pages. You can request a free trial to read them.

Display information about QEMU:

https://wiki.qemu.org/index.php/Main_Page